Block a particular Google Document

cancel
Showing results for 
Search instead for 
Did you mean: 

Block a particular Google Document

L1 Bithead

Greetings,

One of my users forwarded me a phishing email that points to Google Docs to collect information (username/password). The URL looks like:  "https://docs.google.com/a/b/c/viewform?formkey=asdfasdfasdfasdf" (not the real url). Is there a way to block one google doc in PANOS?

Thanks,

Dave M

3 REPLIES 3

L6 Presenter

You should be able to create your custom threat signature to detect this and block (and log) when this particular link is being clicked on.

The tricky part might be how to create the signature so it will limit number of false positives but at the same time not miss any of the many domainnames which google can use for the access. Meaning is it enough if you do something like:

base application: google-docs

host: *.google.*

AND

uri: /a/b/c/viewform?formkey=asdfasdfasdfasdf

I think you might need ssl decryption aswell since this is https.

L3 Networker

Im having the same problem in a big way. I thought URL Filtering was suppose to be able to block websites through SSL even without decryption. I understand the custom block page not being allowed but I thought enough of the header was readable to throw up at least an ugly ACCESS Denied page.

Google Docs is sending us fresh SSL based phishing schemes like almost every day. Not good !!

You must have ssl decryption running in order to be able to see which URL is being requested within the SSL/TLS session.

But I dont know if the url-filter in PA also includes ip addresses since you must specify url-categories when you setup the ssl decryption rules.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!