Create a policy that blocks uploading files to Google Drive but allow viewing and downloading files
Users are not allow to upload files to Google Drive but are allowed to view, navigate, and download files from Google Drive.
Policy works for Explicit Deployment on all browsers.
Policy does not work for Chrome browser for Transparent Deployment, because Chrome browser uses QUIC protocol to upload files to Google Drive.
- Launch Visual Policy Manager (VPM)
- Policy > Add Web Access Layer..., give a name to the Web Access Layer
- Source: set the source who is subjected to the policy
- Leave out Service
- Time: setup the time restriction if needed
- Action = Deny
Destination:
-
New... > Request URL... > Simple Match/URL: drive.google.com
-
New... > Request URL... > Simple Match/URL: docs.google.com
-
New... > Request URL... > Simple Match/URL: clients1.google.com
-
New... > Request URL... > Simple Match/URL: clients2.google.com
-
New... > Request URL... > Simple Match/URL: clients3.google.com
-
New... > Request URL... > Simple Match/URL: clients4.google.com
-
New... > Request URL... > Simple Match/URL: clients5.google.com
-
New... > Request URL... > Simple Match/URL: clients6.google.com
-
New... > Request URL... > Regular Expression Match/RegEx: upload
New... > Combined Destination Object..., give a name to the Object
Locate the four websites on the left panel, and Add>> to the right upper panel,
Locate the upload on the left panel, and Add>> the upload to the right lower panel
7. Click OK > click OK > Install Policy
Note:
You may notice this rule might not work in some scenarios for example if the customer is using http/2 protocol.
You will be able to see this using a developers tool in the browser.
In versions prior to SGOS 7.1, the only way to make this rule work is to disable the browser from using http/2 which will then use http. If that is not an option then we can only block clients6.google.com which will include downloading as well.