
Blocking a category but allowing specific sites based on query string


Article ID: 175918


Products

ProxySG Software - SGOS

Issue/Introduction

The customer needs to block a specific category (in this case the Email category) but allow a specific site based on the query string sent to the web server.

Environment

ProxySG 6.5.x

SSL interception needs to be enabled (unless the site is purely HTTP-based)

Cause

The customer needs to block all URLs that match the Email category, but allow access to a site if the query sent to the site matches the following:

https://emailserver.com/?domain=different_emailserver.com

Note that for ProxySG to be able to parse the contents of the query, SSL interception needs to be enabled on ProxySG.

Typically, when the Email category is blocked, ProxySG never gets to the point where it can check the contents of the query. To allow this to happen, you first need to allow the CONNECT method to the emailserver.com site; the request is then allowed if and only if its query string matches, and otherwise access is blocked. The following CPL will achieve this.

Resolution

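<Proxy>
    ; Rule 1: allow the CONNECT to emailserver.com so the request inside the tunnel can be inspected
    url.domain="emailserver.com" condition=Connect_Method Allow
    ; Rule 2: allow the intercepted request when both the domain and the query string match
    condition=complete_URL Allow
    ; Rule 3: allow requests whose Referer header matches different_emailserver.com
    request.header.Referer="different_emailserver.com" Allow
    ; Rule 4: every other request receives the content_filter_denied exception
    exception(content_filter_denied)

; Matches the CONNECT request that opens the HTTPS tunnel
define condition Connect_Method
    http.method=(CONNECT)
end condition Connect_Method

; Matches emailserver.com requests whose query string contains "different_emailserver"
define condition complete_URL
    url.domain="emailserver.com" url.query.substring="different_emailserver"
end condition complete_URL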
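
The rule order above can be checked offline with a small model of the layer. This is an added example in Python, not ProxySG code or part of the original article. It assumes every request shown is already categorized as Email, that url.domain= also matches subdomains, and that the Referer test is an unanchored pattern match; the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit

ALLOWED_DOMAIN = "emailserver.com"              # from the article's CPL
QUERY_TOKEN = "different_emailserver"           # url.query.substring value
REFERER_PATTERN = "different_emailserver.com"   # request.header.Referer value

def in_domain(host, domain):
    # Assumption: url.domain= matches the domain itself and its subdomains.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def evaluate(method, url, referer=""):
    """Model of the layer: return (verdict, rule number); first match wins."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = parts.hostname or ""
    # Rule 1: CONNECT to the domain; the query string is not visible yet.
    if method == "CONNECT" and in_domain(host, ALLOWED_DOMAIN):
        return ("ALLOW", 1)
    # Rule 2: intercepted request whose query contains the token.
    if in_domain(host, ALLOWED_DOMAIN) and QUERY_TOKEN in parts.query:
        return ("ALLOW", 2)
    # Rule 3: Referer header matches (assumption: unanchored pattern match).
    if re.search(REFERER_PATTERN, referer):
        return ("ALLOW", 3)
    # Rule 4: everything else gets content_filter_denied.
    return ("DENY", 4)

# Constructed sample requests: (method, URL or host:port, Referer header)
SAMPLES = [
    ("CONNECT", "emailserver.com:443", ""),
    ("GET", "https://emailserver.com/?domain=different_emailserver.com", ""),
    ("GET", "https://emailserver.com/static/app.js",
     "https://emailserver.com/?domain=different_emailserver.com"),
    ("GET", "https://emailserver.com/inbox", ""),
    ("GET", "https://emailserver.com/?domain=other.example", ""),
    ("CONNECT", "othermail.example:443", ""),
]

def run_samples():
    """Evaluate every constructed sample and return the list of decisions."""
    return [evaluate(m, u, r) for (m, u, r) in SAMPLES]

if __name__ == "__main__":
    for sample, decision in zip(SAMPLES, run_samples()):
        print(decision, sample[0], sample[1])
```

Without SSL interception the proxy only ever evaluates the CONNECT line, so Rule 1 decides for the whole tunnel and Rules 2 to 4 never see the query string.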