Create an exception suburls for the denied domain in ProxySG/EdgeSWG policy. Deny with exception
Article ID: 280791
Updated On:
Products
Issue/Introduction
Customer would like to allow an exception for downloading content from globally denied domain.
EXAMPLE:
- DENY all the links from https://subdomain.domain.com
- ALLOW exception https://subdomain.domain.com/detail/mfpddejbpnbjkjoaicfedaljnfeollkh
Environment
- Proxy: SGOS 7.4.1.1
- Default Policy service action: DENY
Resolution
Please create a new CPL Layer in VPM above the Web Access layer containing:
01. SSL-Interception layer for url subdomain.domain.com. This is a must for filtering the sub-urls:
CPL LAYER CODE:
<ssl-intercept>
url.domain="subdomain.domain.com" ssl.forward_proxy(yes)
02. Create exception code:
CPL LAYER CODE:
<proxy>
url.host.exact="subdomain.domain.com" url.path.prefix="/detail/mfpddejbpnbjkjoaicfedaljnfeollkh" Allow
url.host.exact="subdomain.domain.com" url.path.prefix="/detail/delinea-web-password-fill/mfpddejbpnbjkjoaicfedaljnfeollkh" Allow
request.header.Referer="subdomain.domain.com" Allow
url.domain="subdomain.domain.com" http.method=CONNECT allow
This has been tested with the plain Policy with default DENY and it allowed only specific substring url to be accessed.
Additional Information
Other KB articles:
- Allow access to "linkedin.com/learning" when domain "linkedin.com" is blocked https://knowledge.broadcom.com/external/article/255705
Feedback
