Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
933
Views
0
Helpful
5
Replies

iCloud Photos regex

michaellperrin
Level 1
Level 1

‎03-10-2016 10:11 AM

Hello,

I'm trying to allow users to be able to send photo's with iMessage.

It's getting blocked due to policy however I would like to allow just the photo to be sent.

TCP_DENIED_SSL/403 0 POST https://p12-content.icloud.com:443/M184B68849E5AA0D8DEFF37E90C933887B4B372722FC2D76A7DFA5A8DB282A02C.C01USN00/authorizePut - NONE/- - BLOCK_WEBCAT_12-Elevated_Access_Policy-Corporate_Mobile_Devices-NONE-NONE-NONE-NONE <IW_osb,0.0,1,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_osb,-,"-","-","iCloud","File Sharing","iCloud Photos","-",0.00,0,Local,"-","-"> - "IMTransferAgent/1000 CFNetwork/758.2.8 Darwin/15.0.0"

Is there a way for me to allow that "iCloud Photos" in a custom cat with regex? If so what would the regex be?

I've tried \iCloud\Photos but that didn't work.

Thanks

Labels:
0 Helpful
5 Replies 5

Handy Putra
Cisco Employee
Cisco Employee

‎03-10-2016 02:34 PM

From the log that you provided, looks like it is block by the category of "Online Storage and Backup" in your "Elevated Access Policy" access policy. The easiest way is to un-block that category from your access policy. However if you still want to block that category and only allowing that access, you can create custom URL category with .icloud.com in it and include that custom category to your access policy and set to "allow" while still blocking online storage and backup category. According to the Post request in the logs, it will be difficult to use regular expressions since the file that uploaded might be using random links/hash/etc. Perhaps can try regex: \.icloud\.com/.*authorizePut This is providing in the link fir iCloud Photos will always has "authorizePut" in it
0 Helpful

michaellperrin
Level 1
Level 1
In response to Handy Putra

‎03-10-2016 04:31 PM

Yeah I don't want to allow all of the icloud domain or online storage and backup.

This is why I want to just allow the iphoto.  Right now users cannot send or recieve pictures with their iphone while on the corporate wireless, they need to disconnect and go on LTE which I want to avoid.

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to michaellperrin

‎03-10-2016 04:37 PM

You need to inspect the logs for iPhoto traffic that been blocked to see any similarity in the links (for example if they are all have wording of  "authorizePut")

Then you can use that regex to allow only \.icloud\.com/.*authorizePut  and block the all the domain

0 Helpful

michaellperrin
Level 1
Level 1
In response to Handy Putra

‎03-10-2016 04:40 PM

what about the  "IMTransferAgent/ part of the log?

\.icloud\.com/.*IMTransferAgent

would that be a thing?

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to michaellperrin

‎03-10-2016 04:43 PM

"IMTransferAgent/1000 CFNetwork/758.2.8 Darwin/15.0.0" in the log is the user agent used for the traffic.

You can not use it in the regex in the custom URL category.

If you allow based on user agent, you will be allowing all traffic from that user agent which you do not want to

0 Helpful
Customers Also Viewed These Support Documents