I was about to post a similar question, so I'll tag along with this post and hope to get an answer.
What I've noticed is that even though the full request is https://docs.google.com/forms/d/[long string of junk here]/viewform, all URL properties only return docs.google.com. The problem in my case is that I don't want to open all of Google Docs. I just want to allow a particular form. This has worked great in the past for whitelisting specific youtube videos based on matching a string in the URL, but it doesn't seem to work here. I'm thinking it might be because the initial connect request goes to docs.google.com due to SSL. The get request for the specific form/page doesn't occur until after the connection is established.
Are there any other properties that I'm missing that I might be able to match against? Looks like the same answer would also solve the question posted above as well.
1 of 1 people found this helpful
The most important thing to remember is that you have to do Content Inspection for any of this to work. Without it, as Trevor has indicated, you only have the host available for filtering and the rest of the URL & URL Path is encrypted inside the tunnel. See https://community.mcafee.com/docs/DOC-4810
Once you have Content Inspection enabled, the access.log is going to be a good way to troubleshoot this. Start by creating your basic exceptions for URL and then check the access.log after each unsuccessful attempt to load the page and look for any URLs that have a status code of 403 (blocked) to determine the additional URLs or Hosts that need to be allowed.
We have already content inspection + SSL Scaner in place.
The strange is the in access.log the session is blocked by category block rule even there is whitelist rule before category block. The Allow rule is:
Stop ruleset (Content filter) if URL matches in list. In the list I use several URLs:
as criteria. Such urls seems to be needed for GD viewer components and images.
This should solve loadbalancer as https://1.docs.google.com/a/tacr.cz/file/* etc.
But this combination still does not work. Looking in linked document, I will need to add CERTVERIFY command condition in rule.
I will give a try.
Rule engine traces could be very helpful in determining why your whitelists are potentially not matching. Feel free to upload to our ftp server and let me know the filenames if you want me to take a look.
How / where can I upload trace file ? What is requested ftp server address ?
Shouldn't we be able to use the new Application Filter feature for this? Oh wait... it contains applications but no application functions yet. SCNR
Allowing the CONNECT and CERTVERIFY commands exclusively for that host prior to checking against the URL filter did the trick. Hopefully Lubomir is able to produce the same results after a bit of work with the rule set.
I have no luck during ftp transfer. I can see no folders on ftp using credentials from document on any listed ftp servers.
It seems that connection will not stop on specific rule. Please, can you look at trace files + access.log ? I uploaded this to my portal http://www.lcerny.cz/ke-stazeni/ostatni/google-docs-debug/download.html
There should be some issue in SSL scaner. Specific rule can match host but no URL path even I have CONNECT and CERTVERIFY condition as described by your first document :-(