Re: whitelisting a specific url but block the whole domain

ccg-security · ‎12-18-2018

Hello Team,

May we inquire on how we can proceed with whitelisting a specific url but block the whole domain using regular expression.

Example:
We would like to whitelist specific url of google drive but block all Google Drive domain.

Handy Putra · ‎12-19-2018

Hi,

Since Google Drive will use HTTPS traffic, in order for WSA to see the full path URI, the traffic will need to be decrypted first otherwise WSA can only see the parent domain only (if its transparent mode - WCCP, WSA can only see the destination IP only when HTTPS proxy enabled).

If HTTPS proxy disabled, again WSA can only see the parent domain and can not see the full path URI of Google Drive since the traffic still encrypted and will not be decrypted.

Once you have decrypted the traffic and can see the Google Drive path that you want to allow, you will need to create regular expression for it in the Access Policy (the traffic will goes to Decryption Policy first, then decryption policy will perform decrypt, once decrypted it will goes to access policy with GET HTTPS).

The regular expression can looks something like below:

If the google drive example is https://drive.google.com/file/d/0B_8MvR3bUemJSEFCakh4X2dXYjg/view?usp=sharing

if you want to match google drive with 'file' as path and has 'sharing' word in it:

regex can be something like: drive.google.com\/file\/.*sharing

Best Regards

Handy Putra

Josiane de Barros Silva · ‎01-28-2019

Hi CCG Were you able to solve the problem? To block a domain you could create a custom category to block, address = .drive.google.com by placing a (.) Period before the domain, everything related to the domain drive.google.com will be blocked. Hope this helps! Best Regards, Josiane