blocking google apps via URL

Reply
Highlighted
L1 Bithead

blocking google apps via URL

Our users are getting on a regualar base phishing mails in which they are asked to fill in their username and password by clicking on a link.

We don't have the URL categorizing license but are using URL filtering via custom URL filtering and that works fine (most of the time). We put the links of the phishing mails in the custom URL category with block as action.

As already told, this works fine except for the latest addition : a phishing site on google docs.

I copied the URL from the mail as always and added it to the list but it won't block for an unknown reason.

This is the URL we want to block : "docs.google.com/spreadsheet/viewform?formkey=dFFDMXVDYlUzZ05iTkpmc0o3M1Ewd1E6MQ"  (it is a https: URL).

Does it matter that this is a https URL instead of a http URL ? Is is possible the URL matching isn't done because PA recognises this as an app ? The traffic log shows it as an ssl application.

I even tried with formkey=*  as a test but even that didn't work.

Anyone a suggestion on what i'm doing wrong or on how to block URLs like this ?

Wim Holemans

Tags (1)
Highlighted
L5 Sessionator

Re: blocking google apps via URL

As this is SSL, we need to decrypt the traffic so that we can look at the url inside. When you have decryption in place, you should be able to block the url you referred to.

As a test, I tried to access the docs and it shows up as "0.drive.google.com/"

Highlighted
L0 Member

Re: blocking google apps via URL

Hi,

What version are you running on PAN? 

I had the same issue. When I updated my PANs from 4.1.6 to 4.1.9 version I was able to block "docs.google.com" through an URL filtering.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!