search cancel

Blocking a category but allowing specific sites based on query string


Article ID: 175918


Updated On:


ProxySG Software - SGOS


Customer needs to block a specific category, in this case the Email category but needs to allow a specific site based on the query string sent to the web server


ProxySG 6.5.x

SSL interception needs to be enabled (unless the site is purely http based)



Customer needs to block all URLS that match the email category but needs to allow access to a site if the query sent to the site matches the following


note that in order for ProxySG to be able to parse the contents of the query ssl interception needs to be enabled on ProxySG.

Typically by blocking the email category ProxySG will not be able to get to the point where it can check the contents of the query, in order to allow this to happen you need to first allow the CONNECT method to the site if and only if it matches the site in the query string otherwise you need to block the access. The following CPL will achieve this.


    url.domain="" condition=Connect_Method Allow    ; Rule 1
    condition=complete_URL Allow    ; Rule 2
    request.header.Referer="" Allow ; Rule 3
    exception(content_filter_denied)    ; Rule 4
define condition Connect_Method
end condition Connect_Method

define condition complete_URL
    url.domain="" url.query.substring="different_emailserver"
end condition complete_URL