Blocking access to all sites in a category except one site causes the site to be displayed incorrectly.
search cancel

Blocking access to all sites in a category except one site causes the site to be displayed incorrectly.

book

Article ID: 165413

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You have a requirement to block access to all sites of a specific category except for one specific site, for example, block all Social Networking sites except Facebook or all Audio/Video sites except YouTube. However, doing this produces an incomplete web page for that required site, for example, all images are missing or the formatting is incorrect.

 

Resolution

This Knowledge Base article uses Facebook as an example but the same solution applies to other sites, such as YouTube.
 
When you go to the Facebook site, the browser loads the home page and the various objects contained within the home page (.CSS, JPG, .JS, .GIF etc..). Many of these objects do not actually exist at www.facebook.com  but on another (subsidiary) domain, for example, http://b.static.ak.fbcdn.net/rsrc.php/zs/r/1HX6ENG455b.jpg. This subsidiary site is categorized by the proxy’s content filtering as Social Networking, which you are specifically blocking. Because these objects are not being loaded, the web page does not look correct.
 
To fix this issue, configure the proxy to allow all images on the Facebook web sites, no matter what site they are ultimately hosted on. You can do this by checking to see if the “Referer” header of the HTTP request indicates that the request to, e.g. b.static.ak.fbcdn.net, is coming from Facebook. Do the following.

In a new or existing Web Access Layer, create the following rules: 

  1. For the first rule, for Source, create a Request Header object using the Referer header to refer to http://www.facebook.com/.


     
  2. For the second rule, set the destination to be www.facebook.com. Allow access.
  3. For the third rule, set the destination to be the Social Networking category. Deny access.
  4. For the final rule, deny access. (This may not be necessary, depending on your configuration.)

Now, when someone goes to the Facebook site they will be allowed access. When the browser tries to load the images that exist on the subsidiary sites, the proxy will also allow them as it will know that they are being requested by the Facebook site.

Powered by Wolken Software