Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Sample Routine: Category_And_Domain_Coaching

The Category_And_Domain_Coaching routine is for allowing a user's request to access a website that would otherwise be blocked if the user confirms there is a business reason for accessing it.

Handling a user's request in this way is also known as coaching. Two complex rules for coaching are included in this routine. They perform coaching based on URLs for particular domains and on URL categories.

Reviewing this routine in the code view and reading what is explained here about it, should improve your understanding of how an individual routine works.

You can access the code view for this routine from the Web Policy — Category & Domain Coaching page, which belongs to the Web Filtering branch of the policy tree.
 

Initial part

This part of the routine includes the usual ROUTINE term, routine name, processing cycle in which the routine is run, and enabling information.

ROUTINE Category_And_Domain_Coaching ON (Web.Request) [enabled="true"]

Only Web.Request is specified here as the processing cycle because this is a routine for filtering requests for access sent by users to websites.

Variable setting

There are four variables set in this part for use later in the routine.

  • Two of them are used to determine if there is a time limit for a coaching session and, if so, what this limit is.
BOOLEAN sessionTTL = TRUE
NUMBER coachSessionMinutes = 60
  • Another variable is used to determine if the coaching that this routine enables is to be performed based on URLs for particular domains or not. The list of URLs that the rule for enabling URL-based coaching relies on is specified as well.

It is also specified how this list relates to the list of URLs for coaching that is provided using the list catalog in Skyhigh Security Service Edge.

BOOLEAN coachByURL = TRUE
MWG.SmartMatchList coachURLs = Web_Filtering_Coach_URLs

A similar variable is set for coaching based on URL categories. The relevant lists are also specified.

BOOLEAN coachByCategory = TRUE
VECTOR<MWG.UrlCategory> coachCategories = Coach_URL_Categories

These variables can also be set using options on the normal user interface.

IF-THEN statements

In this part, there are two complex IF-THEN statements (rules) for performing coaching based on different criteria.

  • A rule for coaching based on URLs for particular domains
  • A rule for coaching based on URL categories

These rules are explained here in more detail:

  • Coaching based on URLs for particular domains — This coaching rule relies on a list with URLs for domains. When a user requests access to a domain with a URL that is in this list, it is granted with coaching.

To perform the coaching itself, the rule calls another routine, which is not explained here.

CALL "CoachingAction"

The complete code for this rule looks like this.

IF coachByURL AND MWG.Url.SmartMatch (coachURLs) THEN {
        callParameter = callParameter.Set ("coaching_session_minutes",
    coachSessionMinutes)
        callParameter = callParameter.Set ("coaching_session_id", "coachURL")
        CALL ("CoachingAction")
        END
}

Code items are used here as follows.

  • There are two conditions.
IF coachByURL AND MWG.Url.SmartMatch (coachURLs)

The first of them is met if the value coachByURL variable is TRUE. This means that coaching based on URLs for particular domains is performed. The variable can be set in the variable setting part of the routine.

The second condition is met if the MWG.Url.SmartMatch function returns that the URL of a particular domain is in the coachURLs list.

  • If both conditions are met, the THEN clause applies.
THEN {
callParameter = callParameter.Set ("coaching_session_minutes", coachSessionMinutes)
callParameter = callParameter.Set ("coaching_session_id", "coachURL")
CALL ("CoachingAction")
}

Coaching is not performed by a procedure here. The "CoachingAction" routine is called instead to handle the coaching.

Before this routine is called, two sets of call parameters, including the session length, the session ID, and the list with the URLs for coaching, are handed over.

  • Coaching based on URL categories — This coaching rule relies on a list with URL categories. When a user requests access to a domain with a URL that falls under a category in this list, it is granted with coaching.

To perform the coaching itself, the rule calls another routine, which is not explained here.

CALL ("CoachingAction")

The complete code for this rule looks like this.

// Coaching action for URLs Whose Category is Listed in Coached URL Categories
IF coachByCategory AND coachCategories.Overlaps (MWG.UrlCategories (MWG.LAST_USED_config))
THEN {
            callParameter = callParameter.Set ("coaching_session_minutes",
     coachSessionMinutes)
            callParameter = callParameter.Set ("coaching_session_id", "coachCategories")
            CALL ("CoachingAction")
            END
}

This rule has the same structure and uses mostly the same code items as the rule for coaching based on URLs for particular domains. The following is different:

  • A different variable is evaluated to find out whether the condition is met that the rule is enabled. Its name is coachByCategory, not coachByURL.
IF coachByCategory
  • A list with URL categories is used to find out when coaching is to happen. Its name is coachCategories. If a website that a user requests access to has a URL that falls under a category in this list, access is not blocked, but allowed with coaching.
     
  • A different method is used to find out whether a particular URL category is in this list.
coachCategories.Overlaps (MWG.UrlCategories (MWG.LAST_USED_config)

This method checks whether there is an overlap between the list of URL categories for coaching and the URL category that the URL for the requested website falls under, or rather whether this URL category is in the list. Because a URL can fall under more than one category, the overlap can involve several categories.

The MWG.UrlCategories function, which is specified here as a parameter, retrieves the category or categories that the URL for the requested website falls under.

MWG.UrlCategories (MWG.LAST_USED_config)

The setting that this function uses while retrieving categories is provided by another function. The name of this function is MWG.LAST_USED_config. It is specified here as a parameter of the MWG.UrlCategories. function, which is itself a parameter of the method that finds out about the overlap.

  • Was this article helpful?