https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7502#M5547 <HTML><HEAD></HEAD><BODY><P>You must have ssl decryption running in order to be able to see which URL is being requested within the SSL/TLS session.</P><P></P><P>But I dont know if the url-filter in PA also includes ip addresses since you must specify url-categories when you setup the ssl decryption rules.</P></BODY></HTML> Tue, 08 May 2012 06:41:03 GMT mikand 2012-05-08T06:41:03Z https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7499#M5544 <HTML><HEAD></HEAD><BODY><P>Greetings,</P><P></P><P><SPAN>One of my users forwarded me a phishing email that points to Google Docs to collect information (username/password). The URL looks like:&nbsp; "</SPAN><A class="jive-link-external-small" href="https://docs.google.com/a/b/c/viewform?formkey=asdfasdfasdfasdf">https://docs.google.com/a/b/c/viewform?formkey=asdfasdfasdfasdf</A><SPAN>" (not the real url). Is there a way to block one google doc in PANOS?</SPAN></P><P></P><P>Thanks,</P><P></P><P>Dave M</P></BODY></HTML> Mon, 30 Apr 2012 18:21:48 GMT https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7499#M5544 dmarion 2012-04-30T18:21:48Z https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7500#M5545 <HTML><HEAD></HEAD><BODY><P>You should be able to create your custom threat signature to detect this and block (and log) when this particular link is being clicked on.</P><P></P><P>The tricky part might be how to create the signature so it will limit number of false positives but at the same time not miss any of the many domainnames which google can use for the access. Meaning is it enough if you do something like:</P><P></P><P>base application: google-docs</P><P>host: *.google.*</P><P>AND</P><P>uri: <A href="https://docs.google.com/a/b/c/viewform?formkey=asdfasdfasdfasdf">/a/b/c/viewform?formkey=asdfasdfasdfasdf</A></P><P></P><P>I think you might need ssl decryption aswell since this is https.</P></BODY></HTML> Mon, 30 Apr 2012 18:50:33 GMT https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7500#M5545 mikand 2012-04-30T18:50:33Z https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7501#M5546 <HTML><HEAD></HEAD><BODY><P>Im having the same problem in a big way. I thought URL Filtering was suppose to be able to block websites through SSL even without decryption. I understand the custom block page not being allowed but I thought enough of the header was readable to throw up at least an ugly ACCESS Denied page.</P><P></P><P>Google Docs is sending us fresh SSL based phishing schemes like almost every day. Not good !!</P></BODY></HTML> Tue, 08 May 2012 00:26:55 GMT https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7501#M5546 jhickey 2012-05-08T00:26:55Z https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7502#M5547 <HTML><HEAD></HEAD><BODY><P>You must have ssl decryption running in order to be able to see which URL is being requested within the SSL/TLS session.</P><P></P><P>But I dont know if the url-filter in PA also includes ip addresses since you must specify url-categories when you setup the ssl decryption rules.</P></BODY></HTML> Tue, 08 May 2012 06:41:03 GMT https://live.paloaltonetworks.com/t5/general-topics/block-a-particular-google-document/m-p/7502#M5547 mikand 2012-05-08T06:41:03Z