Time Quota rule set

The Time Quota rule set is a library rule set for imposing time quotas on web usage.

Library rule set – Time Quota
Criteria – SSL.Client.Context.IsApplied equals true OR Command.Name does not equal “CONNECT”
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies to SSL-secured communication and to any other communication, which does not use the CONNECT command at the beginning.

The following rule sets are nested in this rule set:

  • Time Quota With URL Configuration
  • Time Quota With IP Configuration

    This rule set is not enabled initially.

  • Time Quota With Authenticated User Configuration

    This rule set is not enabled initially.

Time Quota With URL Configuration

This nested rule set handles time quotas related to URL categories.

Nested library rule set – Time Quota With URL Configuration
Criteria – URL.Categories<Default> at least one in list URL Categories Blocklist for Time Quota
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies when a user sends a request for a URL that falls into a category on the blocking list for time quotas related to URL categories.

The rule set contains the following rules:

Redirecting after starting new time session
Quota.Time.lsActivationRequest equals true –> Redirect<Redirection After Time Session Activation>
The rule redirects a request to let a user again access a web object after session time has been exceeded and the user has chosen to continue with a new session.
The action settings specify a message to the requesting user.
Check if time session has been exceeded
Quota.Time.Session.Exceeded<URL Category Configuration> equals true –> Block<ActionTimeSessionBlocked>
The rule uses the Quota.Time.SessionExceeded property to check whether the configured session time has been exceeded for a user. If it has, the user’s request for web access is blocked.
The URL Category Configuration settings, which are specified with the property, are the settings of the module that handles time quotas.
The action settings specify a message to the requesting user.
Check if time quota has been exceeded
Quota.Time.Exceeded<URL Category Configuration> equals true –> Block<ActionTimeQuotaBlocked>
The rule uses the Quota.Time.Exceeded property to check whether the configured time quota has been exceeded for a user. If it has, the user’s request for web access is blocked.
The URL Category Configuration settings, which are specified with the property, are the settings of the module that handles time quotas.
The action settings specify a message to the requesting user.

Time Quota With IP Configuration

This nested rule set handles time quotas related to IP addresses.

Nested library rule set – Time Quota With IP Configuration
Criteria – Client.IP is in list IP Blocklist for Time Quota
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies when a user sends a request from a client with an IP address that is on the blocking list for time quotas related to IP addresses.

The rules in this rule set are the same as in the Time Quota with URL Configuration rule set, except for the module settings that appear in the rule criteria, which are IP Configuration.

Time Quota With Authenticated User Configuration

This nested rule set handles time quotas related to user names.

Nested library rule set – Time Quota With Authenticated User Configuration
Criteria – Authenticated.RawUserName is in list User Blocklist for Time Quota
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies when a request is sent by a user whose user name is on the blocking list for time quotas related to user names.

The rules in this rule set are the same as in the Time Quota with URL Configuration rule set, except for the module settings that appear in the rule criteria, which are Authenticated User Configuration.