search cancel

Allow access to "linkedin.com/learning" when domain "linkedin.com" is blocked

book

Article ID: 255705

calendar_today

Updated On:

Products

SG-VA ProxySG Software - SGOS

Issue/Introduction

We need to allow access Linkedin sub-URLs e.g. "linkedin.com/learning" when main domain "linkedin.com" is blocked

 

Resolution

Issue - Need to allow access to "www.linkedin.com/learning" but deny access to "www.linkedin.com"

Troubleshooting - 

In order to achieve this we will require SSL interception to be enabled and 3 separate rules in the VPM.

After enabling SSL interception, please create rules in Web Access Layer as follows - 

Rule 1 :

Source - Any,

Destination - Request URL Advanced Match, Action Allow (Refer screenshot below) - 

 

This rule will allow access to requested URL where domain is "www.linkedin.com" and URL path begins with "/learning"

Rule 2 : 

Source - Request Header (Referer) www.linkedin.com ,

Destination - Any

Action - Allow 

This rule will ALLOW requests where HTTP Header "Referer" will have value as "www.linkedin.com"

Rule 3 : 

Source - Any

Destination - Any

Service - Protocol Methods, Protocol -  HTTP, Method - CONNECT

Action - ALLOW

This rule is created to allow request transactions where HTTP method is CONNECT.

Once above 3 rules are created, Proxy will be able to intercept the SSL traffic for Linkedin and will allow only those URLs which have "/learning" at the beginning of their path.

Please note, SSL interception is required for this solution to work.

Attachments