Hello,
I have a use-case I would like to share with you. When a customer configures its WSA with highly restrictive internet access like in the example below, it may trigger some issues :
1- allow internet access only for URLs defined in whitelist.
2- block ALL other requests.
Let's take the following example :
1- the customer only allow requests to www.siteA.com. siteA.com is the only URL included in its whitelist.
2- www.siteA.com contains many embedded objects (such as facebook like tags, youtube videos, links to partners sites, ...)
In this configuration, the end user will be allowed to reach siteA but the page will not be fully displayed. All the embedded objects not directly located on siteA will be missing.
With WSA, the easiest way I can imagine to solve the issue is to list all the embedded objects present on siteA, get back their URL and also add these URLs to the whitelist. But this solution if of course far to be really convenient since it involves to know exactly how each HTTP page you want to consult is built.
With other proxies, such as Bluecoat proxies or McAfee Web Gateway proxies for example, I used to solve this kind of issue by using the HTTP referer field (the URL you come from). For example with Bluecoat :
<Proxy>
ALLOW request.header.Referer.url.domain=//www.siteA.com/
=> All requested objects from siteA.com will be automatically allowed by the proxy, even if they are not part of my whitelist.
- Do you have a better suggestion than the one I'm currently using with WSA (adding each sites in whitelist) ?
- Would it be possible to add the field HTTP referer as a matching condition for Identities and access policies in your next release ?
Thanks in advance
Best regards
