ProxySG & Advanced Secure Gateway

  • 1.  Need to allow only subdomain

    Posted Mar 18, 2018 11:15 PM

    Hi Team,

    We couldn't allow only the particular url.

    The only URL that needs to be allowed is yammer.com/axa.com (the rest of the URLs in this domain should be blocked).

    Eg: yammere.com should be blocked.

    We have configured the below policy but no luck.

     

    <proxy>

    url.scheme="https" url.host.substring="yammer.com" url.path.substring="axa.com" ALLOW

    url.domain=//yammer.com/ deny

     

    Thanks,

    Ram.

     

     



  • 2.  RE: Need to allow only subdomain

    Posted Mar 20, 2018 12:39 AM

    Hi Team,

    Any luck on this?

    Thanks,

    Ram.



  • 3.  RE: Need to allow only subdomain

    Posted Mar 20, 2018 12:41 AM

    Hi Ram,

     

    The policy is good but will have a difference if the request is hitting the proxy "Explicitly". Also SSL Interception for this domain is a must for the proxy to see it.

    For explicit proxy, the first request hitting the proxy will be a CONNECT request. So allowing that is also a must for the next step of SSL Interception to complete. Try with the below policy and see whether it helps.

     

    <proxy>
    url.host.substring="yammer.com" url.path.prefix="/axa.com" ALLOW
    http.method=CONNECT url.domain=//yammer.com/ Allow
    url.domain=//yammer.com/ deny

     

    Note: You may also need to allow supporting sites like CDN to load the page completely.



  • 4.  RE: Need to allow only subdomain

    Posted Mar 21, 2018 01:21 AM

    Dear Aravind,

    Thank you for the update.

     

    CDN supporting sites? I couldn't understand that.

    Could you please provide CDN supporting sites for reference?

     

    Thanks,

    Ram.



  • 5.  RE: Need to allow only subdomain
    Best Answer

    Posted Mar 21, 2018 02:19 AM

    Hi Ram,

     

    CDNs (Content Delivery Networks) are supporting web servers/domains which help in hosting files needed for the website to load. You can read about them at https://www.webopedia.com/TERM/C/CDN.html . It is possible that Yammer is also using such sites to load files. Do check via packet capture or the browser's developer tools to see these domains and then allow them too via policy.



  • 6.  RE: Need to allow only subdomain

    Posted May 10, 2018 07:25 AM

    Hi Team,

     

    We could not deny only the particular subdomain URLs below:

    https://support.google.com/cloudprint

    www.google.com/cloudprint#printers

    http://www.google.com/intl/en/cloudprint/learn/printers/

     

    Please let us know how we can block only those subdomains. We have enabled VPM policy to block those subdomains but no luck.

    https://<url> can access those URLs

    http://<url> cannot access those URLs -- is this expected behaviour?

     

    Thanks,

    Ram.



  • 7.  RE: Need to allow only subdomain

    Posted May 10, 2018 08:00 AM

    Hi Ram,

     

    The reason why HTTP access is blocked is that the proxy is able to see the URI portion and able to put the block. At the same time, for HTTPS, the URI will only be visible if the request is SSL intercepted. For enforcing this policy, you will need to enable SSL Interception for the domain google.com.
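    An added example, not part of the thread and not ProxySG code: a simplified Python model of first-match rule evaluation that replays the two Yammer policies from posts 1 and 3 against an explicit-proxy HTTPS fetch, showing where the CONNECT step and SSL interception change the verdict. The names `Request`, `evaluate` and `browse` are hypothetical, and the model assumes that a CONNECT request exposes only the host (scheme modelled as "tcp", path "/").

```python
# Simplified model (assumption): one policy layer, top-down, first match wins.
# This is NOT the ProxySG policy engine; it only mirrors the rules in the thread.
from dataclasses import dataclass

@dataclass
class Request:
    method: str  # "CONNECT" for the tunnel request, "GET" once decrypted
    scheme: str  # "tcp" for CONNECT (modelling assumption), "https" after interception
    host: str
    path: str    # "/" for CONNECT: the proxy has not seen the real path yet

def in_domain(host, domain):
    # Models url.domain: the domain itself or any subdomain of it
    return host == domain or host.endswith("." + domain)

# Policy from post 1: the ALLOW rule requires scheme https and a path match
ORIGINAL = [
    (lambda r: r.scheme == "https" and "yammer.com" in r.host
               and "axa.com" in r.path, "ALLOW"),
    (lambda r: in_domain(r.host, "yammer.com"), "DENY"),
]
# Policy from post 3: adds an explicit ALLOW for CONNECT to the domain
REVISED = [
    (lambda r: "yammer.com" in r.host and r.path.startswith("/axa.com"), "ALLOW"),
    (lambda r: r.method == "CONNECT" and in_domain(r.host, "yammer.com"), "ALLOW"),
    (lambda r: in_domain(r.host, "yammer.com"), "DENY"),
]

def evaluate(rules, req):
    for predicate, verdict in rules:
        if predicate(req):
            return verdict
    return "NO_MATCH"  # would fall through to the default policy

def browse(rules, host, path, intercept):
    """Return (verdict, stage) for an HTTPS fetch through an explicit proxy."""
    verdict = evaluate(rules, Request("CONNECT", "tcp", host, "/"))
    if verdict != "ALLOW":
        return verdict, "CONNECT"          # tunnel refused, nothing to intercept
    if not intercept:
        return "ALLOW", "tunnel"           # path is never visible to policy
    return evaluate(rules, Request("GET", "https", host, path)), "intercepted GET"

if __name__ == "__main__":
    for rules, name in ((ORIGINAL, "original"), (REVISED, "revised")):
        for path in ("/axa.com/feed", "/other.com/feed"):
            for intercept in (True, False):
                print(name, path, intercept,
                      browse(rules, "www.yammer.com", path, intercept))
```

    With the revised policy and no interception, every path under the domain is reachable through the tunnel, which is why both replies call SSL interception a must for path-based rules.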



  • 8.  RE: Need to allow only subdomain

    Posted May 11, 2018 05:52 AM

    As for your original question about Yammer: Only allowing yammer.com/axa.com will not be enough, since Yammer loads images, stylesheets and scripts also from other directories within the domain yammer.com.

    If you want to block all Yammer networks which do not belong to your company, then you should have a look at the Microsoft tenant restrictions: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tenant-restrictions These will allow you to block the login to Office365 environments which belong to other, unknown people. This is also mentioned in the Symantec Office365 best practices guide: https://support.symantec.com/en_US/article.DOC9757.html