Authorized Override rule set

The Authorized Override rule set is a library rule set for imposing a time limit on web usage that can be passed by through the action of authorized user.

Library rule set – Authorized Override
Criteria – SSL.Client.Context.IsApplied equals true OR Command.Name does not equal “CONNECT”
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies to SSL-secured communication and to any other communication, which does not use the CONNECT command at the beginning.

The following rule sets are nested in this rule set:

  • Authorized Override With URL Configuration
  • Authorized Override With IP Configuration

    This rule set is not enabled initially.

  • Authorized Override With Authenticated User Configuration

    This rule set is not enabled initially.

Authorized Override With URL Configuration

This nested rule set handles authorized overriding related to URL categories.

Nested library rule set – Authorized Override With URL Configuration
Criteria – URL.Categories<Default> at least one in list URL Categories Blocklist for Authorized Override
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies when a user sends a request for a URL that falls into a category on the blocking list for authorized overriding related to URL categories.

The rule set contains the following rules:

Redirect after authenticating for authorized override
Quota.AuthorizedOverride.lsActivationRequest<URL Category Configuration> equals true AND Authentication.Authenticate<User Database> equals true –> Redirect<Redirection After Authorized Session Activation>
The rule redirects a request to let a user again access a web object after session time has been exceeded and the credentials the user submitted to continue with a new session have been validated.
The action settings specify a message to the requesting user.
Check if authorized override session has been exceeded
Quota.AuthorizedOverride.SessionExceeded<URL Category Configuration> equals true –> Block<Action Authorized Override Blocked>
The rule uses the Quota.AuthorizedOverride.SessionExceeded property to check whether the configured session time has been exceeded for a user. If it has, the user’s request for web access is blocked.
The URL Category Configuration settings, which are specified with the property, are the settings of the module that handles authorized overriding.
The action settings specify a message to the requesting user.

Authorized Override With IP Configuration

This nested rule set handles authorized overriding related to IP addresses.

Nested library rule set – Authorized Override With IP Configuration
Criteria – Client.IP is in list IP Blocklist for Authorized Override
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies when a user sends a request from a client with an IP address that is on the blocking list for authorized overriding related to IP addresses.

The rules in this rule set are the same as in the Authorized Override with URL Configuration rule set, except for the module settings in the rule criteria, which are IP Configuration.

Authorized Override With Authenticated User Configuration

This nested rule set handles authorized overriding related to user names.

Nested library rule set – Authorized Override With Authenticated User Configuration
Criteria – Authenticated.RawUserName is in list User Blocklist for Authorized Override
Cycle – Requests (and IM)

The rule set criteria specifies that the rule set applies when a request is sent by a user whose user name is on the blocking list for authorized overriding related to user names.

The rules in this rule set are the same as in the Authorized Override with URL Configuration rule set, except for the module settings in the rule criteria, which are Authenticated User Configuration.