ProxySG Content Policy Language Guide

attribute.name=

Tests if the current transaction is authenticated in a RADIUS or LDAP realm, and if the authenticated user has the specified attribute with the specified value. This trigger is unavailable if the current transaction is not authenticated (that is, the authenticate property is set to no).

If you reference more than one realm in your policy, you may wish to disambiguate attribute tests by combining them with a realm= test. This can reduce the number of extraneous queries to authentication services for attribute information that does not pertain to that realm.

Syntax

attribute.name=value

where:

name is a RADIUS or LDAP attribute. The name attribute’s case-sensitivity depends on the type of authentication realm.

RADIUS realm: The only available attribute is ServiceType, which is always case-sensitive.

LDAP realm: Case-sensitivity depends on the realm definition in configuration.

value: An attribute value.

Layer and Transaction Notes

Use in <Admin> and <Proxy> layers.

Applies to proxy and administrator transactions.

This condition cannot be combined with the authenticate() or socks.authenticate() properties.

Examples

;This example uses the value of the ContentBlocking attribute associated with a

;user to select which content categories to block. (SmartFilter 3 categories are

;used.)

<proxy>

authenticate(LDAPRealm)

<proxy> exception(content_filter_denied)

attribute.ContentBlocking=Adult category=(Sex, Nudity, Mature, Obscene/Extreme) attribute.ContentBlocking=Violence category=(Criminal_Skills, Hate_Speech)

...

;This example uses the attribute property to determine permissions associated with

;RADIUS authentication.

define condition ProxyAllowed

attribute.ServiceType=(2,6,7,8)

end

54

Page 54
Image 54
Blue Coat Systems Proxy SG manual Attribute.name=