ProxySG Content Policy Language Guide
54
attribute.name=Tests if the current transaction is authenticated in a RADIUS or LDAP realm, and if the authenticated
user has the specified attribute with the specified value. This trigger is unavailable if the current
transaction is not authenticated (that is, the authenticate property is set to no).
If you reference more than one realm in you r policy, you may wish to disambiguate attribute tests by
combining them with a realm= test. This can reduce the number of extraneous queries to
authentication services for attribute information that does not pertain to that realm.
Syntax
attribute.name=value
where:
•name is a RADIUS or LDAP attribute. The name attribute’s case-sensitivity depends on the type of
authentication realm.
• RADIUS realm: The only available attribute is ServiceType, which is always case-sensitive.
• LDAP realm: Case-sensitivity depends on the realm definition in configuration.
•value: An attribute value.
Layer and Transaction Notes
•Use in <Admin> and <Proxy> layers.
• Applies to proxy and administrator transactions.
• This condition cannot be combined with the authenticate() or socks.authenticate()
properties.
Examples
; This example uses the value of the ContentBlocking attribute associated with a
; user to select which content categories to block. (SmartFilter 3 categories are
; used.)
<proxy>
authenticate(LDAPRealm)
<proxy> exception(content_filter_denied)
attribute.ContentBlocking=Adult category=(Sex, Nudity, Mature, Obscene/Extreme)
attribute.ContentBlocking=Violence category=(Criminal_Skills, Hate_Speech)
...
; This example uses the attribute property to determine permissions associated with
; RADIUS authentication.
define condition ProxyAllowed
attribute.ServiceType=(2,6,7,8)
end