Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
02-12-2018 07:10 PM
I am trying to implement granular url filtering within sharepoint site but firewall is considering it as a generic. Eg: https://xyz.sharepoint.com/pages/department/* is the url I want to allow and block rest of sharepoint. Whenever I try this link,Firewall is taking it as https://xyz.sharepoint.com/ I did test by enabling ssl decryption but of no use.
I was also wondering if sharepoint links are different from weblinks? Eg:libraries or so. please help.
02-14-2018 11:50 AM
TLS decryption is definately needed when you want to do this.
What does your security policy look like when your saying that you only see xyz.sharepoint.com? I assume that you have an URL profile applied to your securitypolicy where you have enabled the setting "Log container page only". Try to disable that and then check again your URL Logs (attention this could generate a lot more logs, so you might want to create a new rule for your IP only where you apply an URL profile with that setting disabled.
But what you actually need is probably some more rules with custom URL profiles. Like the following:
In the first rule there are may be some other entries required for xyz.sharepoint.com to function properly and keep in mind that you want to configure these custom URL categories directly in your securityrule and not in an URL profile that you attach to that rule.
Hope this helps. If not, feel free to ask again 😉
02-15-2018 06:41 AM
Yes. Thank you for the susggestion. I had those rules enabled but the problem is there are infinite number of microsoft destinations that a machine reaches out to before authenticating to sharepoint.
As we have explixcit deny all rule at the end, I am running into this problem. You would think identifying microsoft IPs and allow them before deny all rule would fix this?
02-15-2018 07:16 AM
Hello,
While whitelisting the IP's would, they are dynamic and change. Probably would be better to use DNS names. Another thing could be to use application filtering so only 'sharepoint' apps can get to those sites?
Just a few thoughts.
08-16-2018 01:14 PM
I tried doing this filtering earlier today. Sharepoint redirects the users through many urls that it has become impossible to create a good url filtering policy. Please help if you have done anything like this before.
Thanks.
08-19-2018 01:06 AM
External urls where users have to chlick on a link to get there or redirects initiated by the sharepoint website?
08-20-2018 08:17 AM
@Remo no. Redirects from a link on a document to company's sharepoint site.
08-21-2018 04:37 PM
If you really want to restrict the access to this sharepoint website, then you probably don't have an alternative other than manually build the filterlist that you allow. Maybe it is possible to use wildcards or do something with regex (with a custom App-ID).
If there is now way because the urls are in no way configurable when there are too much, then an alternative would be a blacklist category where you configure alle the urls that the users should not be able to reach on that sharepoint website.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
