![](/images/new-backgrounds/1265790/265790107x1.webp)
ProxySG Content Policy Language Guide
attribute.name=
Tests if the current transaction is authenticated in a RADIUS or LDAP realm, and if the authenticated user has the specified attribute with the specified value. This trigger is unavailable if the current transaction is not authenticated (that is, the authenticate property is set to no).
If you reference more than one realm in your policy, you may wish to disambiguate attribute tests by combining them with a realm= test. This can reduce the number of extraneous queries to authentication services for attribute information that does not pertain to that realm.
Syntax
attribute.name=value
where:
•name is a RADIUS or LDAP attribute. The name attribute’s
•RADIUS realm: The only available attribute is ServiceType, which is always
•LDAP realm:
•value: An attribute value.
Layer and Transaction Notes
•Use in <Admin> and <Proxy> layers.
•Applies to proxy and administrator transactions.
•This condition cannot be combined with the authenticate() or socks.authenticate() properties.
Examples
;This example uses the value of the ContentBlocking attribute associated with a
;user to select which content categories to block. (SmartFilter 3 categories are
;used.)
<proxy>
authenticate(LDAPRealm)
<proxy> exception(content_filter_denied)
attribute.ContentBlocking=Adult category=(Sex, Nudity, Mature, Obscene/Extreme) attribute.ContentBlocking=Violence category=(Criminal_Skills, Hate_Speech)
...
;This example uses the attribute property to determine permissions associated with
;RADIUS authentication.
define condition ProxyAllowed
attribute.ServiceType=(2,6,7,8)
end
54