Chapter 4: Property Reference

deny.unauthorized( )

The deny.unauthorized property instructs the ProxySG to issue a challenge (401 Unauthorized or 407 Proxy authorization required). This indicates to the client that the resource cannot be accessed with their current identity, but might be accessible using a different identity. The browsers typically respond by bringing up a dialog box so the user can change their identity. (The details string appears in the challenge page so that if the user cancels, there is some additional help information provided).

Typically, use deny( ) if the policy rule forbids everyone access, but use deny.unauthorized if the policy rule forbids only certain people.

Syntax

deny.unauthorized deny.unauthorized(details)

where details is a string defining a message to be displayed to the user. The details string may contain CPL substitution variables.

Discussion

If current policy contains rules that use the authenticate() or authenticate.force( ) properties, the deny.unauthorized( ) property is equivalent to exception(authorization_failed). If policy does not contain any rules that require authentication, deny.unauthorized( ) is equivalent to exception(policy_denied).

The identity of the exception being returned can be tested in an <Exception> layer using

exception.id=.

Layer and Transaction Notes

Use in <Proxy> layers.

Applies to HTTP transactions. For other protocols, the property is the equivalent to deny( ).

See Also

Conditions: exception.id=

Properties: deny( ), exception( ), force_deny( ), force_exception( )

175

Page 174 Page 176
Page 175
Image 175
Blue Coat Systems Proxy SG manual Deny.unauthorized
Page 174 Page 176
Top Page Image Contents