We have the hostname "twitch.tv" re-categorized as Internet Radio/TV which is in our category block list. Is it possible for us to also permit this specific URL "https://www.twitch.tv/UGC"? We have the SSL scanner rule enabled, but I haven't been able to figure out how to allow just that specific site. Is it possible? Thanks.
Dear @nashcoop ,
in first step i would suggesting to whitelist twitch.tv in your Category block Rule Set. You should be able to accesss all twich.tv channels without any issues(use stop rule set action). In second step you can create new Rule that check if url matches your string and block everything else.
Sample could be:
url.host matches *twitch.tv
and url.path dont matches UGC
the result should be to allow SSL scanner to pass in order to see URL Path criteria and than block everything that is not matches to your defined criteria.
Please check "Top Properties" tab. I expect this hab been blocked during CONNECT or CERTVERIFY cycle. Make sure this Rule is not been Triggered for CONNECT or CERTVERIFY and no other rule blocks during SSL Handshake process.
Top Properties screenshot is attached.
Block.Reason = Default Error Template
Command.Name = CONNECT
"Make sure this Rule is not been Triggered for CONNECT or CERTVERIFY and no other rule blocks during SSL Handshake process."
How do I make sure the rule is not triggering CONNECT?
simply add this to Rule Set criteria
Hi @nashcoop ,
just for reference to help other customers adding a sample rule set.
the first Rule restrict access to defined URL.Path, Unfortunately you where able to click on the left to other users and get access to other streams via twitch api without actually changing url.path.
Second is required to load content twitch request but block all those api requests to other channels.
This rule set is a quick and dirty sample that require further restrictions but show in general how it could work. I used debugging utilities form my browser to spot some URLs that are loaded in order to allow or restrict access.