Blue Coat Systems Proxy SG Time Clock User Manual


 
ProxySG Content Policy Language Guide
112
realm=
Tests if the client is authenticated and if the client has logged into the specified realm. If both of these
conditions are met, the response is true. In addition, the
group= condition can be used to test whether
the user belongs to the specified group. This trigger is unavailable if the current transaction is not
authenticated (for example, the
authenticate property is set to no).
If you reference more than one realm in your policy, consider disambiguating user, group and
attribute tests by combining them with a
realm=test. This reduces the number of extraneous queries
to authentication services for group, user or attribute information that does not pertain to that realm.
Syntax
realm=realm_name
where realm_name is the name of an NTLM, Local Password, RADIUS, LDAP, Certificate, or
Sequence realm. Realm names are case-insensitive for all realm types.
Layer and Transaction Notes
•Use in
<Admin> and <Proxy> layers.
Applies to proxy and administrator transactions.
Examples
; This example tests if the user has logged into realm corp and
; is authenticated in the specified group.
realm=corp group=all_staff
; This example uses the realm property to distinguish the policy applied
; to two groups of users--corp’s employees, and their corporate partners and
; clients. These two groups will authenticate in different realms.
<proxy>
client.address=10.10.10/24 authenticate(corp) ; The corporate realm
authenticate(client) ; Company partners & clients
<proxy> realm=corp ; Rules for corp employees
allow url.domain=corp.com ; Unrestricted internal access
category=(violence, gambling) exception(content_filter_denied)
<proxy> realm=client ; Rules for business partners & clients
allow group=partners url=corp.com/partners ; Restricted to partners
allow group=(partners, clients) url=corp.com/clients ; Both groups allowed
deny
; Additional layers would continue to be guarded with the realm, so that only
; the ‘client’ realm would be queried about the ‘partners’ and ‘clients’ groups.
See Also
Conditions:
attribute.name=, authenticated=, group=, has_attribute.name=,
http.transparent_authentication=, user=, user.domain=