I need to write a Web Gateway rule to warn a user that a website's reputation is unverified. I would like the rule to then allow the user to accept the risk and proceed to the website by clicking a link if they really need to get there. Any help on writing the rule would be appreciated.
Theoretically, you could use a Coaching page.
There are four basic components to a Coaching rule set.
1) Criteria that determines if you go into Coaching -- in your case it would be that reputation is Unverified
2) Coaching Redirect, criteria = Quota.Coaching.IsActivationRequest.Strict, Redirect to original URL
3) Coaching Notification, criteria = Quota.Coaching.SessionExceeded, Block with coaching notification page
4) Coaching Check, criteria = Quota.Coaching.SessionExceeded equals false, Stop Rule Set
The problem that I have yet to resolve is how to handle the fact that if you were to do coaching for one Unverified site, you've then set the CoachingExceeded flag to false which means that if someone was to go to another Unverified site within the coaching timeframe, it would be permitted. I'm trying to figure out how to make this work for things like Self-Signed certificates so that the client is prompted for a specific site, can choose to go there, MWG knows that that's okay, but if they go to a different site that also has a self-signed certificate, they get a new coaching notification for that specific site.
I would think that you could create a rule that says if unverified ---> block and then on the block page have wording about the risk and then a button to continue, but I cannot find information about the button or the action behind it.
Sorry for the brevity, again I'm time crunched, but here is what I would expect it to look like (didn't test it):
You can base this on the default coaching ruleset.
If a client goes to a site that's Unverified and accepts the coaching option, doesn't that mean that for the timeframe in which the CoachingSessionExceeded equals false, all Unverified sites will be permitted?
This is highly theoretical right now because I don't know how well it's going to scale, but here's what I did:
Rule 1:
  Criteria: URL.ReputationString<Default> equals "Unverified" AND URL.Categories<Default> none in list AllCategories
  Action: Continue
  Events: Set User-Defined.category-unverified-warning = "Unverified/Uncategorized Site."

Rule 2:
  Criteria: Quota.Coaching.IsActivationRequest.Strict<Uncategorized Site> equals true
  Action: Redirect
  Events: PDStorage.AddUserData.String(URL.Host, "WarningAccepted")<Sites>

Rule 3:
  Criteria: Quota.Coaching.SessionExceeded<Uncategorized Site> equals true
  Action: Block <Uncategorized Site>

Rule 4:
  Criteria: PDStorage.GetUserData.String(URL.Host)<Sites> equals "WarningAccepted"
  Action: Stop Rule Set
The idea is to use PD Storage to create an entry associated with the username or IP address of the client with the URL.Host value and a flag indicating that the coaching was accepted. Then, for the timeout of the PD Storage instance, further accesses to that site will not cause the Block page to pop up. Theoretically, you could eliminate coaching, but I'm not clear on what would need to be done to get the second rule to trigger once you blocked in the third rule.
Some minor modifications...
Top level criteria should be URL.ReputationString<Default> equals "Unverified" AND URL.Categories<Default> none in list AllCategories
First rule changes to criteria = always
Third rule changes to
Quota.Coaching.SessionExceeded<Uncategorized Site> equals true OR
PDStorage.GetUserData.String(URL.Host)<Sites> does not equal "WarningAccepted"
action = Block <Uncategorized Site>
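As an added example (not from this thread and not Web Gateway's own code), here is a small Python model of the modified rule set above, so the per-host behaviour can be checked offline: the Gateway class, the TTL values and the way the coaching session is tracked are assumptions, but the evaluation order follows the four rules. It shows that accepting the warning for one host leaves other Unverified hosts blocked until they are accepted individually.

```python
import time

UNVERIFIED = "Unverified"

class Gateway:
    """Models the state the modified rule set depends on (assumed names):
    a per-user coaching session (Quota.Coaching.SessionExceeded) and the
    PD Storage <Sites> map keyed by (user, host), each entry with a TTL."""

    def __init__(self, coaching_ttl=600, storage_ttl=600):
        self.coaching_ttl = coaching_ttl
        self.storage_ttl = storage_ttl
        self.session_until = {}   # user -> time the coaching session expires
        self.sites = {}           # (user, host) -> (value, expiry)

    def session_exceeded(self, user, now):
        return now >= self.session_until.get(user, 0)

    def warning_accepted(self, user, host, now):
        value, expiry = self.sites.get((user, host), (None, 0))
        return value == "WarningAccepted" and now < expiry

    def evaluate(self, user, host, reputation, categories,
                 activation_request=False, now=None):
        """Return the action the rule set takes for one request."""
        now = time.time() if now is None else now
        # Top-level criteria: reputation Unverified AND no category matched
        if reputation != UNVERIFIED or categories:
            return "not-applicable"
        # Rule 1: criteria = always, action = Continue (only sets the warning text)
        # Rule 2: the user clicked the coaching link -> remember this host, redirect
        if activation_request:
            self.session_until[user] = now + self.coaching_ttl
            self.sites[(user, host)] = ("WarningAccepted", now + self.storage_ttl)
            return "redirect"
        # Rule 3: session exceeded OR this host not yet accepted -> Block (coaching page)
        if self.session_exceeded(user, now) or not self.warning_accepted(user, host, now):
            return "block"
        # Rule 4: this host was accepted while the session is active -> Stop Rule Set
        return "stop-rule-set"
```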
Under the rule above, yes (because that was the only ruleset), but if you had rules occurring after, then they would still take place and block items.