3.6. Enable User Justification

Let's take the user coaching functionality a step further by enabling the user justification option which requires the user to provide a reason for accessing that destination.

3.6.1. Modify User Coaching iRule

1. In the BIG-IP TMUI, navigate to Local Traffic > iRules.

2. Click on the user-coaching-rule iRule to edit it.

   

3. Notice that the coaching message text is defined as a variable called COACHING_MESSAGE. This allows you to customize the message based on your organization's policies. Do not change it at this time.

   

4. Below that, notice that the JUSTIFICATION_LOGGING variable is set to "" (empty string).

   

5. In between the double quotation marks, enter on to enable this feature.

   

6. Click on the Update button to save your change.

   

3.6.2. Test User Justification

1. Return to the Ubuntu-Client WEBRDP session.

2. Close the Firefox browser window and restart the application.

3. Navigate to https://copilot.microsoft.com/ again. Since you acknowledged the user coaching prompt previously (without requiring justification), you will not be prompted again.

4. Navigate to a new site: https://gemini.google.com/. Now, the user coaching prompt appears but also includes a text box for users to enter a justification/reason for accessing that destination.

   

5. Enter research and testing in the text box and click on the Submit button to acknowledge the warning and terms of use policy. You will then be presented with the requested destination web site.

3.6.3. Review User Coaching Logs

The user coaching iRule has logging enabled (currently local logging, but could be sent to an external log collector or SIEM). Let's take a look at what has been logged.

1. Return to the BIG-IP SSL Orchestrator Web Shell tab.

2. Enter grep ALERT-COACHING-TRIGGER /var/log/ltm to extract the user coaching logs from the LTM log file. You should see log entries similar to the following: