search cancel

Allow Access to a Reddit sub-page but block access to Reddit main domain

book

Article ID: 174824

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

  • How to whitelist a Reddit subpage, but block access to the Reddit main domain.
  • A rule that allows access to the subpage; the connection will still fail if reddit.com is blocked when SSL intercept is enabled.

Cause

The explicit connection in explicit deployment the Proxy first performs a connect (this is the connection between the client and Proxy) request needs to be allowed. 

Environment

  • This solution is for Proxy in an explicit environment with SSL Intercept enabled for reddit.com 

Resolution

The following solution is based on allowing the /worldnews subpage on reddit and blocking the rest of the domain. 

Add the following CPL code to a local policy file  on the ProxySG

Check Add CPL to a local policy file on the ProxySG

<Proxy>  
    ALLOW http.method=CONNECT url.domain=//reddit.com/
    ALLOW url.domain=//reddit.com/r/worldnews
    DENY url.domain=//reddit.com/