We need to allow access Linkedin sub-URLs e.g. "linkedin.com/learning" when main domain "linkedin.com" is blocked
Issue - Need to allow access to "www.linkedin.com/learning" but deny access to "www.linkedin.com"
Troubleshooting -
In order to achieve this we will require SSL interception to be enabled and 3 separate rules in the VPM.
After enabling SSL interception, please create rules in Web Access Layer as follows -
Rule 1 :
Source - Any,
Destination - Request URL Advanced Match, Action Allow (Refer screenshot below) -
This rule will allow access to requested URL where domain is "www.linkedin.com" and URL path begins with "/learning"
Rule 2 :
Source - Request Header (Referer) www.linkedin.com ,
Destination - Any
Action - Allow
This rule will ALLOW requests where HTTP Header "Referer" will have value as "www.linkedin.com"
Rule 3 :
Source - Any
Destination - Any
Service - Protocol Methods, Protocol - HTTP, Method - CONNECT
Action - ALLOW
This rule is created to allow request transactions where HTTP method is CONNECT.
Once above 3 rules are created, Proxy will be able to intercept the SSL traffic for Linkedin and will allow only those URLs which have "/learning" at the beginning of their path.
Please note, SSL interception is required for this solution to work.