Chapter 3: Condition Reference

Applies to proxy and administrator transactions.

This condition cannot be combined with the authenticate( ), proxy_authentication( ), or socks.authenticate( ) properties.

Examples

;Test if user is authenticated in group all_staff and specified realm. realm=corp group=all_staff

;This example shows sample group tests for each type of realm. It does

;this by creating a condition in CPL that treats a group of administrators in

;each realm as equivalent, granting them permission to administer the Security

;Appliance. Recall that the <Admin> layer uses a whitelist model by default. define condition RW_Admin

realm=LocalRealm group=RWAdmin realm=NTLMRealm group=xyz-domain\cache_admin realm=LDAPRealm group=”cn=cache_admin, ou=groups, o=xyz”

;The RADIUSRealm uses attributes, and this can be expressed as follows: realm=RADIUSRealm attribute.ServiceType=8

end condition RW_Admin

<admin>

client.adress=10.10.1.250/28 authenticate(LocalRealm) client.adress=10.10.1.0/24 authenticate(NTLMRealm) client.adress=10.10.2.0/24 authenticate(LDAPRealm) client.adress=10.10.3.0/24 authenticate(RADIUSRealm)

<admin>

allow condition=RW_Admin admin.access=(READWRITE)

See Also

Conditions: attribute.name=, authenticated=, has_attribute.name=, http.transparent_authentication=, realm=, user=, user.domain=

Properties: authenticate( ), authenticate.force( ), check_authorization( ), socks.authenticate( ), socks.authenticate.force( )

73

Page 72 Page 74
Page 73
Image 73
Blue Coat Systems Proxy SG manual Examples
Page 72 Page 74
Top Page Image Contents