Starting in SGOS 5.3 and later, Blue Coat introduced a new feature named "True Policy Denied". The true policy denied category is the actual category or categories which triggered the policy deny. The ProxySG now has a way to identify to Blue Coat Reporter the category or categories which can be reliably claimed as the reason for a policy decision. That is done by adding a new field to the main access log
The new category substitution is: $(exception.category). This provides a method for the ProxySG to identify to Blue Coat Reporter the category or categories as the reason for a policy decision. The Reporter main access log format includes the new x-exception-category field.
Using $(exception.category) in Exception Page returns the category name which match the rule hit in policy. You may refer to 000008815 for "Creating custom exception pages in the ProxySG".
Example of true policy deny with Peer-to-Peer as the reason for the denial:
BCWF Categories: Spyware/Malware Sources, Peer-to-Peer (P2P), Hacking, and Adult/Mature Content
Web Access Layer
Source: "ANY" Destination: "BCWF Category: Peer to Peer (P2P)" Action: "Return Exception"
Result from browser Exception page:
$(url) value: http://thepiratebay.org/
$(cs-category) value: Adult/Mature Content
$(cs-categories) value: Adult/Mature Content;Hacking;Spyware/Malware Sources;Peer-to-Peer (P2P)
$(exception.category) value: Peer-to-Peer (P2P)