Customer needs to block a specific category, in this case the Email category but needs to allow a specific site based on the query string sent to the web server
SSL interception needs to be enabled (unless the site is purely http based)
Customer needs to block all URLS that match the email category but needs to allow access to a site if the query sent to the site matches the following
note that in order for ProxySG to be able to parse the contents of the query ssl interception needs to be enabled on ProxySG.
Typically by blocking the email category ProxySG will not be able to get to the point where it can check the contents of the query, in order to allow this to happen you need to first allow the CONNECT method to the emailserver.com site if and only if it matches the site in the query string otherwise you need to block the access. The following CPL will achieve this.
url.domain="email.example.com" condition=Connect_Method Allow ; Rule 1
condition=complete_URL Allow ; Rule 2
request.header.Referer="different_email.example.com" Allow ; Rule 3
exception(content_filter_denied) ; Rule 4
define condition Connect_Method
end condition Connect_Method
define condition complete_URL
end condition complete_URL