https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/474140#M103349 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a></P><P>You can't gather the User Agent string for encrypted traffic as far as I'm aware. You can look through the string contexts <A href="https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/custom-signature-contexts/string-contexts.html" target="_self">HERE</A>&nbsp;along with what data is available, but fairly certain you won't get this unless you decrypt traffic.&nbsp;</P> Thu, 17 Mar 2022 20:07:30 GMT BPry 2022-03-17T20:07:30Z https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/473549#M103298 <P>Hello,</P><P>We have an object so that from the wifi networks for mobile devices (mobile or tablets) if you connect by a pc to it can not go out.<BR />We are doing this for the Vulnerability with the Threat id XXXX with the condition Pattern -mach http-req-headers and there are different headers.<BR />The problem is that when the traffic is HTTPS it does not show the header and allows the navigation for laptops.<BR />Can you tell us how we can block this traffic only for pc?</P><P>Any idea?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Alpalo_0-1647425327125.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39687i78BDF5D811855170/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Alpalo_0-1647425327125.png" alt="Alpalo_0-1647425327125.png" /></span></P><P>&nbsp;</P> Wed, 16 Mar 2022 10:14:33 GMT https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/473549#M103298 Alpalo 2022-03-16T10:14:33Z https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/473639#M103308 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a>,</P><P>Unless you are decrypting traffic you would need to add signatures with one of the SSL contexts specified.&nbsp;</P> Wed, 16 Mar 2022 14:01:05 GMT https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/473639#M103308 BPry 2022-03-16T14:01:05Z https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/474094#M103345 <P>to which of the specified SSL contexts do you refer?</P> Thu, 17 Mar 2022 16:26:59 GMT https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/474094#M103345 Alpalo 2022-03-17T16:26:59Z https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/474140#M103349 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a></P><P>You can't gather the User Agent string for encrypted traffic as far as I'm aware. You can look through the string contexts <A href="https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/custom-signature-contexts/string-contexts.html" target="_self">HERE</A>&nbsp;along with what data is available, but fairly certain you won't get this unless you decrypt traffic.&nbsp;</P> Thu, 17 Mar 2022 20:07:30 GMT https://live.paloaltonetworks.com/t5/general-topics/using-objects-custom-vulnerability/m-p/474140#M103349 BPry 2022-03-17T20:07:30Z