I want to allow access to a single Google document without allowing access to all of docs.google.com.
Use the following CPL to allow granular control over the Google Docs files accessed, in both transparent and explicit proxy deployments:
NOTE: SSL Interception is required if you are using an explicit connection.
<Proxy> url.domain="docs.google.com" ; Guarded so only docs.google.com activates layer
condition="connect_method" Allow ; Needed for Explicit connections
condition="google_docs_allow" Allow ; What needs to be allowed
url.domain="docs.google.com" Deny ; Deny everything else in google docs
define condition "connect_method"
end condition "connect method"
define condition "google_docs_allow"
url.path.substring="/path/of/the/document" ; edit this to match the path of the document you are trying to reach
end condition "google_docs_allow"