3 Replies Latest reply on Sep 19, 2014 3:38 PM by flitcraft33

    MWG Coaching Page with Comments

      I've had 2 different customers from 2 different countries in 2 days ask for the same thing, so I figured I'd post it here.

       

      When you use a coaching page, have a Business Justification comments field that gets logged.

      When the coaching page is displayed, there is an extra field:

      capture.png

       

      You must enter something or a JavaScript form validation warns you:

      capture2.png

      After a comment has been entered, it adds an entry to a Coaching.log:

      [17/Jun/2013:15:21:59 +0000] "user1" 192.168.2.2 173.194.43.1 0 "GET http://www.youtube.com/ HTTP/1.1" "Streaming Media, Media Sharing" "Minimal Risk" "-" 0 0 "300" "I have to watch a training video."

       

      The process involves a rule set for coaching:

      Coaching with Comments
      [This ruleset contains rules for coaching for urls, user and ip. This ruleset will not be exectued if SSL is disabled and a HTTPS request has been done.]
      Enabled
      Applies to Requests: True / Responses: False / Embedded Objects: False
      1: SSL.ClientContext.IsApplied equals true
      2: OR Command.Name does not equal "CONNECT"
      Coaching With URL Configuration
      Enabled
      Applies to Requests: True / Responses: True / Embedded Objects: True
      1: URL.Categories<Default> at least one in list URL Category Blocklist for Coaching
      2: OR Quota.Coaching.IsActivationRequest.Strict<URL Category Configuration> equals true
      Enabled | Rule | Action | Events | Comments
      Enabled | Redirecting After Starting New Coaching Session
      1: Quota.Coaching.IsActivationRequest equals true
      Redirect<Redirection After Coaching Session Activation>
      Set Redirect.URL = String.Base64Decode(String.ReplaceAll(URL.GetParameter("Quota-URL"),"%3D","="))
      Set User-Defined.Coaching.Business.Justification = String.Base64Decode(URL.GetParameter("comments"))
      Set User-Defined.Coaching.Business.Justification = String.ReplaceAll(User-Defined.Coaching.Business.Justification,""","'")
      Set User-Defined.Coaching.Business.Justification = String.ReplaceAll(User-Defined.Coaching.Business.Justification,String.CRLF,"|")
      Set User-Defined.Coaching.Business.Justification = String.ReplaceAll(User-Defined.Coaching.Business.Justification,String.LF,"|")
      Set User-Defined.Coaching.Business.Justification = String.ReplaceAll(User-Defined.Coaching.Business.Justification,"%20"," ")
      Set User-Defined.notificationMessage =
           DateTime.ToWebReporterString +
           " "" +
           String.ReplaceIfEquals(Authentication.UserName,"","-") +
           "" " +
           String.ReplaceIfEquals(IP.ToString(Client.IP),"","-") +
           " " +
           String.ReplaceIfEquals(IP.ToString(URL.Destination.IP),"","-") +
           " " +
           String.ReplaceIfEquals(Number.ToString(Response.StatusCode),"","-") +
           " "" +
           String.ReplaceIfEquals(Command.Name,"","GET") +
           " " +
           String.ReplaceIfEquals(String.Base64Decode(URL.GetParameter("Quota-URL")),"",URL) +
           " " +
           String.ReplaceIfEquals(Request.ProtocolAndVersion,"","HTTP/1.1") +
           "" "" +
           String.ReplaceIfEquals(List.OfCategory.ToString(URL.Categories<Default>),"","-") +
           "" "" +
           String.ReplaceIfEquals(URL.ReputationString<Default>,"","-") +
           "" "" +
           String.ReplaceIfEquals(MediaType.ToString(MediaType.FromHeader),"","-") +
           "" " +
           String.ReplaceIfEquals(Number.ToString(BytesToClient),"","-") +
           " " +
           String.ReplaceIfEquals(Number.ToString(BytesFromClient),"","-") +
           " "" +
           String.ReplaceIfEquals(Number.ToString(Block.ID),"","-") +
           "" "" +
           String.ReplaceIfEquals(User-Defined.Coaching.Business.Justification,"","-") +
           """
      FileSystemLogging.WriteLogEntry(User-Defined.notificationMessage)<Coaching.log>
      This rule redirects the user back to the requested url after the user started a new session by pushing the button in the HTML Session template.
      Enabled | Check If Coaching Session Has Been Exceeded
      1: Quota.Coaching.SessionExceeded<URL Category Configuration> equals true
      Block<ActionCoachingBlockedWithComments>
      This rule shows a block html site for Coaching after the session for Coaching has been exceeded and one of the urls is in the url blocklist.

       

      And a modification to the ActionCoachingBlocked template:

      capture4.png

      Create a new template called ActionCoachingBlockedWithComments, copy the entire original HTML from the ActionCoachingBlocked page to it, and remove the previous <table> and <form> and replace with above.

       

      The rules and partial template with the replacement html are attached.
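
Added example, not part of the original post or the product's own code: Python that mirrors the rule's Base64Decode and ReplaceAll steps for the comment and then parses the resulting Coaching.log line, showing why the quote and line-break replacements keep each entry a single parseable record. The regex group names and the sample comment are assumptions constructed for illustration.

```python
import base64
import re

# Field order follows the User-Defined.notificationMessage built in the rule.
# Group names are assumptions chosen for this example.
LINE_RE = re.compile(
    r'\[(?P<time>[^\]]+)\] "(?P<user>[^"]*)" (?P<client_ip>\S+) (?P<dest_ip>\S+) '
    r'(?P<status>\S+) "(?P<request>[^"]*)" "(?P<categories>[^"]*)" '
    r'"(?P<reputation>[^"]*)" "(?P<media_type>[^"]*)" (?P<bytes_to_client>\S+) '
    r'(?P<bytes_from_client>\S+) "(?P<block_id>[^"]*)" "(?P<justification>[^"]*)"'
)

# Constructed sample: the fields before the justification, from the post's log line.
PREFIX = ('[17/Jun/2013:15:21:59 +0000] "user1" 192.168.2.2 173.194.43.1 0 '
          '"GET http://www.youtube.com/ HTTP/1.1" "Streaming Media, Media Sharing" '
          '"Minimal Risk" "-" 0 0 "300"')
# Constructed comment containing double quotes and a line break.
RAW_COMMENT = 'He said "watch this".\r\nTraining video'


def sanitize_comment(b64_comment):
    """Mirror the rule's String.Base64Decode and String.ReplaceAll steps."""
    text = base64.b64decode(b64_comment).decode("utf-8", errors="replace")
    text = text.replace('"', "'")     # a double quote would close the field early
    text = text.replace("\r\n", "|")  # a line break would split the entry in two
    text = text.replace("\n", "|")
    return text.replace("%20", " ")


def format_line(prefix, justification):
    """Append the justification as the final quoted field ("-" when empty)."""
    return '%s "%s"' % (prefix, justification or "-")


def parse_line(line):
    """Return the fields of one Coaching.log line, or None if it is malformed."""
    match = LINE_RE.fullmatch(line.rstrip("\r\n"))
    return match.groupdict() if match else None


if __name__ == "__main__":
    encoded = base64.b64encode(RAW_COMMENT.encode()).decode()
    clean = sanitize_comment(encoded)
    print(parse_line(format_line(PREFIX, clean))["justification"])
    # The unsanitized comment yields a line that no longer parses.
    print(parse_line(format_line(PREFIX, RAW_COMMENT)))
```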

        • 1. Re: MWG Coaching Page with Comments

          This is awesome, and exactly the type of rule I'm looking to implement in my organization.

           

          I've started some initial testing with this rule, and have run into some issues when using Chrome.  When activating the session, I get the error below.

          6-26-2013 5-49-31 PM.jpg

           

          I'm new to the coaching ruleset, but we do use redirection for authentication so I'm not sure what causes this.  Any insight?

           

          Thanks

          • 2. Re: MWG Coaching Page with Comments

            I just tested this with

            Google Chrome 27.0.1453.116 (Official Build 206485) m

             

             

            I do not see the same results. It works as I would expect.

             

            Does the default ruleset for coaching work with chrome?

             

            What is technically supposed to happen is when you submit, it is supposed to send an HTTP 302 redirect with a Location header of the original site. It also includes the html body you see as a message before the redirection is supposed to occur.

             

            The redirection header should have something like this:

             

            HTTP/1.1 302 redirected
            Location: http://www.theoriginalsite.com/
            Content-Type: text/html
            Cache-Control: no-cache
            Content-Length: 5846
            Proxy-Connection: Keep-Alive

            <html> body of the message you saw</html>

             

            It sounds like the location header didn't come through properly or the browser is not honoring the redirect.

             

            Take a Wireshark of the client and see what the location header actually displays.

             

            You can send it to my email instead of posting it because there could be sensitive info in it you may not want public.

            erik_elsasser @ mcafee.com

            • 3. Re: MWG Coaching Page with Comments
              flitcraft33

              I get errors sometimes with this and on IE 11 it just sits on the coaching page, never does the redirect. IE9 works fine, but IE11 no redirect. Chrome acts funny, I get either no redirect or an error. Any fix for this yet?