ProxySG TechBrief – Creating a Disclaimer Page

What is a disclaimer page?

The disclaimer page is a variant of the splash page (see also the TechBrief: Creating a Splash Page). It
consists in sending a “pop-up” for the very first Web request that would present the corporate Web use policy
and informing users that all Web activity is logged. The pop-up then disappears automatically after 10 seconds.
The following presents the result of implementing a disclaimer page.

User requests www.yahoo.fr, and user receives a disclaimer popup

The popup disappears after 10 seconds

1 Technical Brief
How it works
As mentioned previously the disclaimer page is a variant of the splash page. The difference is that user-defined
exceptions are used to check and provide the popup along with the redirect mechanism for the initial request.
The policy is based on:

¾ A redirection to user defined exception page

¾ Policy based on “cookie” to identify if the user has been splashed or not
¾ If the cookie is not present, splash the user by inserting a popup that disappears after 10 seconds
¾ Otherwise, redirect the user back to the original requested page

The Exception
An exception needs to be defined which will consist in presenting the disclaimer redirect page and the
disclaimer popup. Two user-defined exceptions need to be installed:

¾ Disclaimer to redirect the user to the original requested page

¾ Disclaimer_popup to present the disclaimer to the user

The following code is used for the disclaimer exception:

<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function setCookie(NameOfCookie, value, expiredays) {
var ExpireDate = new Date();
ExpireDate.setTime(ExpireDate.getTime() + (expiredays * 24
* 3600 * 1000));
document.cookie = NameOfCookie + "=" + escape(value) +
((expiredays == null) ? "" : "; expires=" +
ExpireDate.toGMTString());
}
msg=window.open("http://disclaimer.policyexample.bluecoat.
com/disclaimer",'mig','toolbar=0,location=0,directories=0,
status=0,menubar=0,scrollbars=no,resizable=0,width=200,hei
ght=170');
setCookie('splash','',1);

</SCRIPT>
<title>Disclaimer Policy</title>
</head>
You have been authorized. Your request will now be
redirected to your requested site.
<meta http-equiv="refresh" content="0; URL=$(url)">
</html>

2 Technical Brief
The following code is used for the disclaimer_popup exception:

<html>
<head>
<script>
function getCookie(NameOfCookie){
if (document.cookie.length > 0) {
begin = document.cookie.indexOf(NameOfCookie+"=");
if (begin != -1) {
begin += NameOfCookie.length+1;
end = document.cookie.indexOf(";", begin);
if (end == -1) end = document.cookie.length;
return unescape(document.cookie.substring(begin,
end));
}
}
return null;
}
function setCookie(NameOfCookie, value, expiredays) {
var ExpireDate = new Date();
ExpireDate.setTime(ExpireDate.getTime() + (expiredays *24
* 3600 * 1000));
document.cookie = NameOfCookie + "=" + escape(value) +
((expiredays == null) ? "" : "; expires=" +
ExpireDate.toGMTString());
}
function delCookie (NameOfCookie) {
var ExpireDate = new Date();
ExpireDate.setTime(ExpireDate.getTime() - 1);
if (getCookie(NameOfCookie)) {
document.cookie = NameOfCookie + "=" +
"; expires=" + ExpireDate.toGMTString();
}
}
function DoTheCookieStuff()
{
username=getCookie('splash');
document.write("<img
src=http://www.bluecoat.com/images/BCShp_logorev.gif><br>"
);
document.write("Internet access is monitored and logged");

3 Technical Brief
 document.write("<br>");
document.write("Your username is "+username);
setTimeout('window.close()',20000);
}
</script>
<title>Policy</title>
</head>
<body onLoad="DoTheCookieStuff()">
</body>
</html>

The code above is automatically installed when the policy is downloaded and installed to the ProxySG. See the
next section for download instructions.

Disclaimer Page Policy

The policy is processed as follows:

¾ The Disclaimer Page policy intercepts all HTTP requests to HTML content
¾ The request is then checked to identify if the user has already been splashed – we identify user has
already via the following:
¾ Redirect user to disclaimer.policyexample.bluecoat.com/?splash://requestedurl
¾ Check if user presents the cookie “splash”
¾ If user presents the cookie “splash” (user has already been splashed) then we redirect the user to
http://requestedurl?splash, then we set a cookie for the hostname “requestedurl” and finally redirect the
user to http://requestedurl
¾ Else, we send a user defined exception called disclaimer to the user that will call another exception
which includes the popup disclaimer_popup and we set the cookie “splash” for the hostname
disclaimer.policyexample.bluecoat.com which will identify later on the browser session as already
splashed

Install the policy by implementing the following steps:

1. Download and save the pre-defined Blue Coat Policy

2. Modify the policy to meet you requirements
3. Open the Blue Coat management console to the archive page
4. Install the policy and review results

Step 1
Copy the following pre-defined Blue Coat policy on to your local PC.

The policy can be obtained by going to the following link:

http://techlabs.bluecoat.com/policy/config_disclaimer.zip

(You will need to unzip file after downloading)

Step 2
You may need to modify some parameters in the copied policy to customize the desired effect for your
environment. For example, you may want to modify the disclaimer message.

4 Technical Brief
Step 3
To load the policy to your ProxySG, open the web management interface. Go into Configuration | General |
Archive

Then click on the button Install from Installation Configuration from Local File. You will see the following screen.

Then select the policy file that you previously saved to your PC. WARNING: Using the archive configuration
will eliminate any existing local policy stored on the ProxySG.

5 Technical Brief
 Step 4
Click on Install at the bottom of the above screen to save and install the policy. Check for any installation errors
and correct. Once the policy is installed, you are ready to test the disclaimer page by attempting to access a
Web site.

Conclusion
With the Blue Coat ProxySG security administrators have the flexibility to create a disclaimer message in the
form of a pop up that prompts users about the company’s Web usage policies. The disclaimer can be set to
disappear after any configurable amount of time.

Copyright ©2005 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to
any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information
contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is
a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their
respective owners.

Contact Blue Coat Systems • 1.866.30BCOAT • 408.220.2200 Direct • 408.220.2250 Fax • www.bluecoat.com

6 Technical Brief