How to allow video on bloomberg website while there is a deny rule for streaming or default policy is deny
search cancel

How to allow video on bloomberg website while there is a deny rule for streaming or default policy is deny

book

Article ID: 166296

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

you block Audio, TV, streaming categories in the policy and you want to allow streaming videos from bloomberg website

The default policy is deny and you want to allow video streaming from bloomberg.com

you allowed bloomberg.com as a destination and a request header referrer but still you can't stream videos from bloomberg.com.

Perquisite: SSL interception should be enabled and the below websites should be intercepted by ssl intercept layer

To resolve the issue, add the following to the local policy file:

  1. Log in to the Management Console: 
    https://<appliance_IP_address>:8082
     
  2. Select Configuration > Policy > Policy Files.
  3. In the Install Policy section, beside Install Local File from, select Text Editor.
  4. Click Install. A dialog appears.
  5. Copy the following policy and paste it into the dialog:
    <Proxy>

     Allow condition=bloomberg_others

    <Proxy>

    Allow Condition=bloomberg_request_header_others

    ; Definitions

    define condition bloomberg_others

    url.host.substring=bloomberg.com
    url.host.substring=ad.doubleclick.net
    url.host.substring=cdn.gotraffic.net
    url.host.substring=adadvisor.net
    url.host.substring=cds.z5t8n6p8.hwcdn.net
    url.host.substring=level3.cedexis.com
    url.host.substring=cloudfront.cedexis.com
    url.host.substring=geo.gateway.messenger.live.com
    url.host.substring=col127.mail.live.com
    url.host.substring=plus.google.com
    url.host.substring=idsync.rlcdn.com
    url.host.substring=cs600.wac.edgecastcdn.net
    url.host.substring=disqus.com
    ;url.host.substring=googleleads.g
    url.host.substring=safebrowsing.clients.google.com
    url.host.substring=aus3.mozilla.org
    url.host.substring=services.addons.mozilla.org
    url.host.substring=versioncheck-bg.addons.mozilla.org
    url.host.substring=updates.defaulttab.com
    url.host.substring=ffupdate.conduit-services.com
    url.host.substring=pubads.g
    url.regex="akamaihd"
    url.host.substring=lphbs.com
    url.host.substring=googleads.g

    end

    define condition bloomberg_request_header_others

    request.header.Referer="bloomberg.com"
    request.header.Referer="ad.doubleclick.net"
    request.header.Referer="cdn.gotraffic.net"
    request.header.Referer="cds.z5t8n6p8.hwcdn.net"
    request.header.Referer="level3.cedexis.com"
    request.header.Referer="cloudfront.cedexis.com"
    request.header.Referer="cs600.wac"
    request.header.Referer="disqus.com"
    request.header.Referer="googleleads.g"
    request.header.Referer="akamaihd"
    request.header.Referer="pubads.g"
    request.header.Referer="lphbs.com"

    end
            
  6.  Click Install.

 

Important note: Based on my observation on April 11th 2014, I have found out that bloomberg refers the browser to other websites, then when the browser requests the object on this referred website, this website refer the browser to another domain and so on. That's why there are many domains allowed here. Please note that by installing this policy, there will be a security holes, becasue it will all the domains mentioned under "url.host.substring" this MUST be taken into considerations

P.S: Please keep in mind that bloomberg.com is a very dynamic webiste and the above policy might not be working if any URL changed, this policy works and tested on April 11th 2014. You need to update this policy as required. You can run a policy trace and see if there is DENY or Exception happened so you can add this domain accordingly in case you can't stream videos.

Powered by Wolken Software