What is "True Policy Denied"?

<< Back to Knowledge Search



Starting in SGOS 5.3 and later, Blue Coat introduced a new feature named "True Policy Denied".  The true policy denied category is the actual category or categories which triggered the policy deny.  The ProxySG now has a way to identify to Blue Coat Reporter the category or categories which can be reliably claimed as the reason for a policy decision.  That is done by adding a new field to the main access log

The new category substitution is: $(exception.category). This provides a method for the ProxySG to identify to Blue Coat Reporter the category or categories as the reason for a policy decision. The Reporter main access log format includes the new x-exception-category field.

Using $(exception.category) in Exception Page returns the category name which match the rule hit in policy. You may refer to 000008815 for "Creating custom exception pages in the ProxySG".

Example of true policy deny with Peer-to-Peer as the reason for the denial:

URL: http://thepiratebay.org/
BCWF Categories: Spyware/Malware Sources, Peer-to-Peer (P2P), Hacking, and Adult/Mature Content
VPM Rule:
Web Access Layer
Source: "ANY"  Destination: "BCWF Category: Peer to Peer (P2P)"  Action: "Return Exception"

Result from browser Exception page:
$(url) value: http://thepiratebay.org/
$(cs-category) value: Adult/Mature Content
$(cs-categories) value: Adult/Mature Content;Hacking;Spyware/Malware Sources;Peer-to-Peer (P2P)
$(exception.category) value: Peer-to-Peer (P2P)


Additional Information
Bug Number
InQuira Doc IdFAQ360

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 5.3, SGOS 5.4
Topic      Content Filtering, Errors / Event Logs / Alerts, Installation / Configuration
Article Number      000015495
Was this helpful?
Previous MonthNext Month