Blocking a category but allowing specific sites based on query string
Article ID: 175918
Updated On:
Products
Issue/Introduction
Customer needs to block a specific category, in this case the Email category but needs to allow a specific site based on the query string sent to the web server
Environment
ProxySG 6.5.x
SSL interception needs to be enabled (unless the site is purely http based)
Cause
Customer needs to block all URLS that match the email category but needs to allow access to a site if the query sent to the site matches the following
https://email.example.com/?domain=different_email.example.com
note that in order for ProxySG to be able to parse the contents of the query ssl interception needs to be enabled on ProxySG.
Typically by blocking the email category ProxySG will not be able to get to the point where it can check the contents of the query, in order to allow this to happen you need to first allow the CONNECT method to the emailserver.com site if and only if it matches the site in the query string otherwise you need to block the access. The following CPL will achieve this.
Resolution
<Proxy>
url.domain="email.example.com" condition=Connect_Method Allow ; Rule 1
condition=complete_URL Allow ; Rule 2
request.header.Referer="different_email.example.com" Allow ; Rule 3
exception(content_filter_denied) ; Rule 4
define condition Connect_Method
http.method=(CONNECT)
end condition Connect_Method
define condition complete_URL
url.domain="email.example.com" url.query.substring="different_email"
end condition complete_URL
Feedback
