Allow viewing of Twitter tweets for a specific LDAP or IWA group

Article ID: 165344


Products

ProxySG Software - SGOS

Issue/Introduction

 You want to block Twitter for all users, except allow viewing (not tweeting) for a specific LDAP or IWA group.

Resolution

 Add the following to a CPL layer in the VPM or to your local policy file.

 

<Proxy>
    ; Members of the allowed group may reach the URLs in Destination-twitter-specific
    ALLOW condition=allow_twitter
    ; CONNECT and GET requests to the Twitter domains
    ALLOW condition=Destination-twitter http.method=(CONNECT, GET)
    ALLOW http.method=(CONNECT, GET) request.header.Referer=CombinedDestinationtwitter
    ; Any other request to twitter.com is denied
    DENY url.domain=//twitter.com/

define condition Destination-twitter
    url.domain=//twitter.com/
    url.domain=//twimg0-a.akamaihd.net/
    url.domain=//twimg.com/
end

define condition Destination-twitter-specific
    url.domain="//twitter.com/sessions"
    url.domain="//twitter.com/logout" ; allowing logout
    url.domain="//api.twitter.com/1/friendships" ; allowing follow
    url.domain="//twitter.com/scribe"
    url.host=twitter.com url.path.substring=/login/twitter ; enables captcha for login page
end

define condition allowed
    ; Use this line for IWA
    realm=ADD_REALM_NAME_HERE group="CN=ADD_GROUP_NAME_HERE"
    ; Use this line for LDAP
    realm=ADD_REALM_NAME_HERE group="CN=ADD_GROUP_NAME_HERE,OU=ADD_OU_HERE,dc=ADD_DOMAIN_HERE,dc=ADD_DOMAIN_HERE"
end

; Both tests must match: the user is in the allowed group and the URL is one of the specific Twitter URLs
define condition allow_twitter
    condition=allowed condition=Destination-twitter-specific
end