Users accessing internet sites via Cloud SWG using IPSEC access method.

One user reported problems accessing PDF files that were previously accessible.

HAR file from browser shows blocks (403 status responses) from acrobat.adobe.com domain, and not the site the user was downloading PDF file from.

Using CURL to download the file would work fine from the same host.

Cloud SWG.

All access methods.

Adobe Acrobat plugin installed on browser, which creates additional requests before downloading required PDF file.

Two solutions exist to this problem:

1. remove the Adobe Acrobat plugin (which was done here) or

2. grant users access to the File Storage/Sharing category (blocked by default on this tenant). The PDF being accessed was categorised as "Office/Business Applications", and all other users were ALLOWed to access this category. When using the plugin, the additional requests to adobe.acrobat.com (categorised as File Storage/Sharing) were blocked and hence the PDF was not served.

Browser plugs can generate extra request to sites you do not expect to be reaching - only install plugins that have been tested and approved by the organisation.