Blue Coat ProxySG – Creating A Splash Page

There do not seem to be many up-to-date resources on building BlueCoat splash pages, or exception pages. Even the top Google search will point you to a BlueCoat document (578) that is dated “v3-0609” for June of 2009, or to another BlueCoat document (8577); both are pretty stripped down and provide only the bare essentials of user notification. Not to mention that this really doesn’t help in a large environment with multiple BlueCoat proxies and multiple layers of support personnel. I used it when it was first published, as a basic starting point, but most of what I have learned and implemented was a product of lots of setting adjustments, variables, etc. to get the right combination for the types of companies they were being implemented for. I wanted to post this up to give people searching the net for answers a place where they can get a working splash page up and running quickly, and only change a bit of wording.

First, you need to build the webpage that you want BlueCoat to provide to users. This page is like most others and can understand CSS, HTML, etc. I chose to keep my page very simple and provide a static window for the content I want to provide to users. In the code box below is all the CSS and HTML code that you will need to plug into the BlueCoat exception file (with your modifications, of course):

See a demo of what the BlueCoat splash page code below will look like. Click the “send an email to Company-X security team” link on the page that pops up to see the additional MailTo function that you can build to suit your needs.

(exception.user-defined.Exception-Blacklist-BC-Category
      (http
        (code "403")
        (format <<--1db17456.89d81--
<html>
<head>
<title>Company-X Restricted Access Policy - Blacklist Category</title>
<meta name="author" content="Company-X Security">
<meta name="description" content="Company-X Restricted Access Policy - Blacklist Category">
</head>

<style type="text/css" media="screen">
body {
     margin:50px 0px;
     padding:0px;
     text-align:center;
     }

#content {
	 width:890px;
	 margin:0px auto;
	 text-align:center;
         font-family: Arial, Helvetica, sans-serif;
         font-size: 14px;
         color: #666;
	 padding:15px;
	 border:3px outset #8ac240;
	 background-color:#fff;
	 }

table {
      table-layout:fixed;
      width:100%;
      font-size: 14px;
      color: #666;
      word-break:break-all;
      }

.details-column-left {  
                     text-align:right;         
                     padding-right:2px;
                     color: #666;
                     }      

.details-column-right {  
                      text-align:left;         
                      padding-left:2px;
                      color: #528505;
                      } 

</style>
<body>
<div id="content">
<p><img src="http://letmein.drupalcafe.com/sites/letmein.drupalcafe.com/files/images/Company-X-Logo-300.png"></p>
<p><font size="5">Access to this site is restricted.</font></p>
<p><font size="3"><font color="#E0001B">Attention:</font></font> Access to the requested website "<font color="#E0001B">$(url)</font>" is restricted in accordance with the Company-X <a href="http://www.company-x.com/policy/internet-use.html" target="_blank">acceptable internet use policy</a>.</p>
<!-- Keep the mailto href on one line: browsers strip raw line breaks from URLs, so spaces are written as %20 and line breaks as %0A. -->
<p>If access to the website is required for business purposes please <a href="mailto:security@Company-X.com?subject=Internet%20Proxy%20Exception%20Request%20-%20$(url)&amp;body=Security%20Team,%20please%20review%20the%20following%20request%20for%20access:%0A%0ARequestor's%20Username:%20$(user.name)%0ARequestor's%20IP%20Address:%20$(client.address)%0AWeb%20Page%20URL:%20$(url)%0AWeb%20Page%20Category:%20$(cs-categories)%0ACurrent%20UTC%20date/time:%20$(month.utc)-$(day.utc)-$(year.utc)%20$(time.utc)%0AConnection%20request%20details%20collected%20from:%20$(proxy.name)%0A%0A">send an email to Company-X security team</a>, to have your request for exception reviewed.</p>
<p><font color="#E0001B">Note:</font> User will be required to provide business justification within the email.</p>
<hr>
<p>Internet usage is logged and subject to monitoring, in accordance with the Company-X <a href="http://www.company-x.com/policy/network-monitoring.html" target="_blank">network monitoring policy</a>.</p>
<table>
<caption>Connection Request Details</caption>
    <tr>
       <td class="details-column-left">Company-X Internet Proxy:</td>
       <td width="1">&nbsp;</td>
       <td class="details-column-right">$(proxy.name)</td>
    </tr>
    <tr>
       <td class="details-column-left">Your Username:</td>
       <td width="1">&nbsp;</td>
       <td class="details-column-right">$(user.name)</td>
    </tr>
    <tr>
       <td class="details-column-left">Your IP Address:</td>
       <td width="1">&nbsp;</td>
       <td class="details-column-right">$(client.address)</td>
    </tr>
    <tr>
       <td class="details-column-left">Web Page URL:</td>
       <td width="1">&nbsp;</td>
       <td class="details-column-right">$(url)</td>
    </tr>
    <tr>
       <td class="details-column-left">Web Page Category:</td>
       <td width="1">&nbsp;</td>
       <td class="details-column-right">$(cs-categories)</td>
    </tr>
    <tr>
       <td class="details-column-left">Current UTC date/time:</td>
       <td width="1">&nbsp;</td>
       <td class="details-column-right">$(month.utc)-$(day.utc)-$(year.utc) at $(time.utc)</td>
    </tr>
</table>
<p>***This is a restricted system and for use by authorized personnel only***</p>
</div>
</body>
</html>
--1db17456.89d81--
        )
      )
    )
  1. Now add the above code to your ProxySG exception config:
    • Log in to the ProxySG
    • Click the “Configuration” tab
    • Expand “Policy”
    • Click “Exception”
    • Choose “Text Editor” from the dropdown menu, and hit “Install”.
    • This will open the exceptions file, so you can add your code
  2. Utilize the new exception in a VPM object:
    • Jump into the VPM
    • Go to the tab where your web access rules are located
    • Find the blocking rule you want to apply the splash page to
    • Right click on the allow/deny that we are replacing with a splash page
    • Hit “Set…”, then “New…”
    • Choose “Return Exception”, then find your newly added exception in the dropdown box
    • Now Install Policy

Once the code has been added to the exception file, it is referenced in a VPM object, and policy has been pushed, it's time to test out the code and see what you can do with it. Change the size of the content box, write the splash page text in your own wording, test out other variables if needed, etc. Get your feet wet here, and make something that caters to you and your company's needs.

The MailTo code is also a nice thing to use if you need to pre-populate a bit of text regarding the diagnostic information that the exception page will provide. It is not a super whiz-bang tool, but you can tailor it to send a comprehensive message to the right person who might need it for your specific splash page, and provide them with exactly the information they need using some or all of the variables listed in the above code. Now play around with the CSS, HTML, and the MailTo variables, and create your own exception page. NOTE: There are many more BlueCoat variables that can be used, but I have found that the ones above are sufficient for most administrators. But please do find and use the variables that work for you.
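The requested URL that the MailTo link embeds is text chosen outside your control, and characters such as `&`, `?` and `=` in it are also the delimiters of a mailto: URI. As an added example (not part of the original page or of BlueCoat's documentation), this sketch builds the same exception-request link with every field percent-encoded; the function names, field names and sample values are assumptions made for illustration.

```javascript
// Added example: build the exception-request mailto: URI with every field
// percent-encoded (RFC 6068). Field names mirror the ProxySG substitutions
// used in the template; the sample values below are constructed.
function buildExceptionMailto(to, fields) {
  const subject = `Internet Proxy Exception Request - ${fields.url}`;
  const body = [
    'Security Team, please review the following request for access:',
    '',
    `Requestor's Username: ${fields.userName}`,
    `Requestor's IP Address: ${fields.clientAddress}`,
    `Web Page URL: ${fields.url}`,
    `Web Page Category: ${fields.categories}`,
    `Current UTC date/time: ${fields.utc}`,
    `Connection request details collected from: ${fields.proxyName}`,
    '',
  ].join('\r\n'); // RFC 6068 line breaks are CRLF, encoded as %0D%0A
  // encodeURIComponent escapes &, ?, =, #, spaces and CR/LF, so nothing in a
  // field can end the body early or add another header such as cc= or bcc=.
  // `to` is a fixed address set by the administrator, so it is used as-is.
  return `mailto:${to}?subject=${encodeURIComponent(subject)}` +
         `&body=${encodeURIComponent(body)}`;
}

// Parse the result back to show which headers the mail client will see.
function mailtoHeaders(uri) {
  const query = uri.slice(uri.indexOf('?') + 1);
  return query.split('&').map((pair) => {
    const eq = pair.indexOf('=');
    return [pair.slice(0, eq), decodeURIComponent(pair.slice(eq + 1))];
  });
}

// Constructed sample: a blocked URL whose query string contains mailto delimiters.
const sample = {
  url: 'http://blocked.example/page?a=1&cc=someone@else.example',
  userName: 'jdoe',
  clientAddress: '10.0.0.25',
  categories: 'Blacklist',
  utc: '06-15-2013 14:02:11',
  proxyName: 'proxy01',
};
const link = buildExceptionMailto('security@Company-X.com', sample);
console.log(link);
console.log(mailtoHeaders(link).map(([name]) => name));
```

In the exception page the field values can be read from the details table cells with `textContent` and the result assigned to the link's `href` from script, so the URL is never pasted into markup unencoded.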

If this information was helpful to you, please feel free to link to it, or share it with others.

Thanks!