When adding more headers to EdgeSWG Policies to restrict Office 365 Access via Controlling Office 365 access using tenant restrictions on Edge SWG (ProxySG) using TRv1, you encounter the following error:
% Load failed with error(s)
Error: Input line too long
central:20: set(request.x_header.Rest
Error: Expecting a valid action identifier, or an end to the current action definition: ''
central:20: set(request.x_header.Rest
Edge SWG (ProxySG) with Office 365 Tenant Restriction policies
There is an 8 KB string length limitation on HTTP headers in EdgeSWG.
Suppose you have existing "TenantHeader" Object that you have in your existing policy to restrict Tenants such as:
define action TenantHeaders
set(request.x_header.Restrict-Access-To-Tenants, "sub_domain_1.onmicrosoft.com, ........, sub_domain_250.onmicrosoft.com")
end action TenantHeaders
You can create another policy object called "MoreTenantHeaders" to append additional headers to the "TenantHeaders" Object like this:
define action MoreTenantHeaders
append(request.x_header.Restrict-Access-To-Tenants, "sub_domain_300.onmicrosoft.com, ........,sub_domain_340.onmicrosoft.com")
end action MoreTenantHeaders
When calling the objects in a policy rule, ensure that the new "MoreTenantHeaders" object comes before the original object on the policy rule line:
<Proxy>
condition=TenantRestrictionDestinations action.MoreTenantHeaders(yes) action.TenantHeaders(yes)