3 Replies Latest reply on Oct 17, 2014 7:17 PM by btlyric

    Coaching + Coaching = Possible?

    btlyric

      Multiple questions:

       

      Is it possible to do coaching for more than one criteria in a single session?

       

      Is there a way to invoke a notification page without using coaching?

       

      With coaching, do the coaching settings only apply to time/volume?

       

      With PD Storage, do the settings only apply to timeout values?

       

      Scenario:

       

      When a web site with a problematic certificate is accessed, I want to put up a notification page that explains what the problem is and offer the option to accept the risk and click through.

       

      I am currently doing this via a combo of coaching and PD Storage. I'm only using the coaching portion to provide the click through web page so if there's a way to present a warning page that doesn't need a coaching activation, that would be acceptable as well.

       

      Using the same methodology, I am also testing options for providing a notification page for sites that are uncategorized and have an unverified reputation.

       

      Individually, each rule set seems to work, but when both criteria hit, I'm running into a problem. I may be stepping on myself in unexpected ways.

       

      The general logic is this:

       

      - If SSL site and certificate meets certain criteria (self-signed, for example), Block and provide reason for block. Block page has option to Continue. Continue = $Quota.Coaching.JS.ActivateSession$.

      - When the Continue option is selected, that will trigger a rule higher up that has criteria Quota.Coaching.IsActivationRequest.Strict<Bad Cert> equals true and the action on that is Redirect to the original URL. At that point, I add Event: PDStorage.AddUserData.String(String.Concat("BADCERT-",URL.Host),SSL.Server.Cert ificate.SHA1Digest<Certs>

      - When the connection continues, it will then pass through the Block rule because I'm checking for the PDStorage value. (It seems also necessary to invoke Quota.Coaching.SessionExceeded in some manner in order for the entire coaching option to work so at this point I also check for SessionExceeded equals true OR SessionExceeded equals false -- one of the two will be true)

      - The next rule it will hit is a rule that checks for the PD Storage value -- if the value exists, Stop Rule Set occurs.

       

      Trying to use the same sort of methodology for sites that are uncategorized and have no reputation. For those, I write a PD Storage value of (String.Concat("UNCAT-",URL.Host) and the coaching rules are similar. One slight difference for these is that if the Block page is hit, I write "BLOCKED" to PD Storage and when the coaching is accepted, I write ACCEPTED to PD Storage.

       

      Currently, coaching for self-signed certificate for a site works. Coaching for an uncategorized and unverified site works. However, when presented with a site that has both a certificate issue and is uncategorized/unverified, I'm running into problems . My best guess right now is that I'm running across something where the coaching activation is triggering on the wrong rule set, but I haven't had the time to fully break it down and test it so any advice is appreciated.

        • 1. Re: Coaching + Coaching = Possible?
          flitcraft33


          yes you can coach more than one thing. I hve a ruleset that Erik at McAfee provided that lets me coach by Categories. Each category will be separately coached and time tracked. I am having issues with  streaming media, but the rest of the categories work well. You cah contact support and probably ask them for Erik's coaching rule set and they may be able to steer you to them.They are UNSUPPORTED however, so you will be on your own with any problems this creates.

          • 2. Re: Coaching + Coaching = Possible?

            When the coaching button is clicked, it sends an activation request to the URL: (category=online shopping in this example.)

             

              POST http://www.sears.com/mwg-internal/de5fs23hu73ds/plugin?target=QuotaPlugin&quotat ype=coaching HTTP/1.1

             

             

            With the header data of the original URL.
               Quota-URL: aHR0cDovL3d3dy5zZWFycy5jb20v (base64 decodes to http://www.sears.com/)

             

            The problem is, it's the same URL when doing either coaching page.

            My guess is that the POST does go down the wrong rule set because the URL itself is the distinguishing characteristic and it will go down the first IsActivationRequest it sees.

            That is, when you click the button, the rules can't tell when to stop.

            Turn on the rule tracing and watch the path it goes down when you activate.

             

             

            $Quota.Coaching.JS.ActivateSession$ is roughly equivalent to:
            activateSession("$Proxy.EndUserURL$/plugin?target=QuotaPlugin&quotatype=coaching",\
            "$Authentication.UserName$",\
            "$String.Base64Encode(URL.Raw)$")

             

            This might or might not work. I haven't tried, it's just an idea.

             

            Instead of having the button be defined as:

             

            <input type="button" id="activatebutton" value="Continue Session" onClick="$Quota.Coaching.JS.ActivateSession$" />

             

            Add a parameter to to the activation URL and use that to distinguish which button on which page was clicked:

             

            <input type="button" id="activatebutton" value="Continue Session" onClick="activateSession(&quot;$Proxy.EndUserURL$/plugin?target=QuotaPlugin&amp;quotatype=coaching&amp;BUTTON=BADCERT&quot;,&quot;$Authentication.UserName$&quot;,&quot;$String.Base64Encode(URL.Raw)$&quot;); return false;" />

             

             

            And then be more selective on the rule set criteria to have it only drop into the isActivationRequest if URL.Parameter.Exists("BUTTON")==true and URL.Parameter.Value("BUTTON")=="BADCERT"

             

            ...or something like that...

            • 3. Re: Coaching + Coaching = Possible?
              btlyric

              I had forgotten about this question. I didn't realize that you could pass parameters that way...this opens up all sorts of interesting possibilities.  Thanks!