ProxySG Content Policy Language Guide

realm=

Tests if the client is authenticated and if the client has logged into the specified realm. If both of these conditions are met, the response is true. In addition, the group= condition can be used to test whether the user belongs to the specified group. This trigger is unavailable if the current transaction is not authenticated (for example, the authenticate property is set to no).

If you reference more than one realm in your policy, consider disambiguating user, group and attribute tests by combining them with a realm= test. This reduces the number of extraneous queries to authentication services for group, user or attribute information that does not pertain to that realm.

Syntax

realm=realm_name

where realm_name is the name of an NTLM, Local Password, RADIUS, LDAP, Certificate, or Sequence realm. Realm names are case-insensitive for all realm types.

Layer and Transaction Notes

Use in <Admin> and <Proxy> layers.

Applies to proxy and administrator transactions.

Examples

; This example tests if the user has logged into realm corp and
; is authenticated in the specified group.
realm=corp group=all_staff

; This example uses the realm property to distinguish the policy applied
; to two groups of users--corp’s employees, and their corporate partners and
; clients. These two groups will authenticate in different realms.
<proxy>
    client.address=10.10.10/24 authenticate(corp) ; The corporate realm
    authenticate(client) ; Company partners & clients

<proxy> realm=corp ; Rules for corp employees
    allow url.domain=corp.com ; Unrestricted internal access
    category=(violence, gambling) exception(content_filter_denied)

<proxy> realm=client ; Rules for business partners & clients
    allow group=partners url=corp.com/partners ; Restricted to partners
    allow group=(partners, clients) url=corp.com/clients ; Both groups allowed
    deny

; Additional layers would continue to be guarded with the realm, so that only
; the ‘client’ realm would be queried about the ‘partners’ and ‘clients’ groups.
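The following is an added example, not part of the Blue Coat guide: a small Python check that reads CPL text and reports user, group and attribute tests that are not combined with a realm= test, either in the layer guard or in the rule itself. It assumes a simplified view of CPL (one rule per line, ";" always starts a comment, no define blocks), and the function name, the list of conditions treated as identity tests and the last layer of the sample policy are this example's own.

```python
import re

# Conditions treated as identity lookups (this example's assumption, taken from
# the "user, group and attribute tests" the page mentions).
IDENTITY_TESTS = re.compile(
    r'(?<![\w.])(group|user|user\.domain|attribute\.[\w.-]+|has_attribute\.[\w.-]+)\s*=',
    re.I)
REALM_TEST = re.compile(r'(?<![\w.])realm\s*=', re.I)
LAYER = re.compile(r'^<\s*(\w+)\s*>(.*)$')  # layer header plus optional guard

def unguarded_identity_tests(policy):
    """Return (line_no, condition, rule_text) for identity tests lacking realm=."""
    findings = []
    layer_guarded = False
    for no, raw in enumerate(policy.splitlines(), 1):
        line = raw.split(';', 1)[0].strip()      # drop CPL comments (simplified)
        if not line:
            continue
        header = LAYER.match(line)
        if header:                               # a new layer resets the guard
            layer_guarded = bool(REALM_TEST.search(header.group(2)))
            line = header.group(2).strip()       # the guard may hold tests too
            if not line:
                continue
        if layer_guarded or REALM_TEST.search(line):
            continue
        for test in IDENTITY_TESTS.finditer(line):
            findings.append((no, test.group(1).lower(), line))
    return findings

# The page's policy, followed by a constructed layer that omits the realm guard.
SAMPLE = """\
<proxy>
  client.address=10.10.10/24 authenticate(corp) ; The corporate realm
  authenticate(client) ; Company partners & clients
<proxy> realm=corp ; Rules for corp employees
  allow url.domain=corp.com
<proxy> realm=client
  allow group=partners url=corp.com/partners
  allow group=(partners, clients) url=corp.com/clients
  deny
<proxy> ; constructed layer with no realm guard
  allow group=contractors url=corp.com/vendors
  allow realm=corp user=jsmith url=corp.com/hr
  deny has_attribute.ou=contractors
"""

if __name__ == "__main__":
    for no, cond, rule in unguarded_identity_tests(SAMPLE):
        print(f"line {no}: {cond}= has no realm= guard: {rule}")
```

Rules reported by the check are candidates for a realm= test on the rule or on the layer guard, so that only the intended realm is queried.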

See Also

Conditions: attribute.name=, authenticated=, group=, has_attribute.name=, http.transparent_authentication=, user=, user.domain=
