granular sharepoint filtering


L4 Transporter

I am trying to implement granular URL filtering within a SharePoint site, but the firewall is considering it as generic. E.g.: https://xyz.sharepoint.com/pages/department/* is the URL I want to allow, and block the rest of SharePoint. Whenever I try this link, the firewall is taking it as https://xyz.sharepoint.com/. I did test by enabling SSL decryption, but it was of no use.

I was also wondering if SharePoint links are different from web links? E.g., libraries or so. Please help.

7 REPLIES

Cyber Elite

TLS decryption is definitely needed when you want to do this.

What does your security policy look like when you're saying that you only see xyz.sharepoint.com? I assume that you have a URL profile applied to your security policy where you have enabled the setting "Log container page only". Try to disable that and then check your URL logs again (attention: this could generate a lot more logs, so you might want to create a new rule for your IP only, where you apply a URL profile with that setting disabled).

But what you actually need is probably some more rules with custom URL profiles. Like the following:

  1. Allow rule with a custom URL category where you allow xyz.sharepoint.com/document
  2. Deny rule with another custom URL category xyz.sharepoint.com
  3. Probably your default web browsing policy

In the first rule there may be some other entries required for xyz.sharepoint.com to function properly, and keep in mind that you want to configure these custom URL categories directly in your security rule and not in a URL profile that you attach to that rule.


Hope this helps. If not, feel free to ask again 😉
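A simplified model of the rule order suggested above, as an added example that is not part of the original reply and is not firewall configuration. It shows why the path-based allow rule only matches when the firewall can see the decrypted URL path. Rule names, sample URLs and the host `login.idp.example` are constructed, and fnmatch-style wildcards are an assumption standing in for the firewall's own URL matching.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Ordered rules, first match wins. Names are hypothetical; the patterns
# follow the allow-path / deny-site / deny-all order from the thread.
RULES = [
    ("allow-department", ["xyz.sharepoint.com/pages/department/*"], "allow"),
    ("deny-sharepoint", ["xyz.sharepoint.com", "xyz.sharepoint.com/*"], "deny"),
    ("deny-all", ["*"], "deny"),
]


def visible_url(url, decrypted):
    """Return what a URL filter can match on.

    Without TLS decryption only the hostname is visible, so the path is
    dropped. With decryption the host and path are both available.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not decrypted:
        return host
    return host + (parts.path or "/")


def evaluate(url, decrypted):
    """Return (rule_name, action) of the first rule whose pattern matches."""
    target = visible_url(url, decrypted)
    for name, patterns, action in RULES:
        if any(fnmatchcase(target, p) for p in patterns):
            return name, action
    return "implicit", "deny"


if __name__ == "__main__":
    # Constructed sample requests, including a sign-in redirect to another host.
    samples = [
        "https://xyz.sharepoint.com/pages/department/policies.aspx",
        "https://xyz.sharepoint.com/sites/hr/",
        "https://login.idp.example/authorize",
    ]
    for url in samples:
        for decrypted in (True, False):
            rule, action = evaluate(url, decrypted)
            print(f"decrypted={decrypted!s:5} {action:5} {rule:17} {url}")
```

The third sample lands on the final deny rule in both modes, so any sign-in or redirect hosts the site depends on need their own entries in the allow rule.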

Yes. Thank you for the suggestion. I had those rules enabled, but the problem is there are an infinite number of Microsoft destinations that a machine reaches out to before authenticating to SharePoint.

As we have an explicit deny-all rule at the end, I am running into this problem. You would think identifying Microsoft IPs and allowing them before the deny-all rule would fix this?

Hello,

While whitelisting the IPs would, they are dynamic and change. Probably would be better to use DNS names. Another thing could be to use application filtering so only 'sharepoint' apps can get to those sites?


Just a few thoughts.

I tried doing this filtering earlier today. SharePoint redirects the users through so many URLs that it has become impossible to create a good URL filtering policy. Please help if you have done anything like this before.


Thanks.

External URLs where users have to click on a link to get there, or redirects initiated by the SharePoint website?

@vsys_remo no. Redirects from a link on a document to company's sharepoint site. 

@SThatipelly

If you really want to restrict the access to this SharePoint website, then you probably don't have an alternative other than to manually build the filter list that you allow. Maybe it is possible to use wildcards or do something with regex (with a custom App-ID).

If there is no way because the URLs are in no way configurable when there are too many, then an alternative would be a blacklist category where you configure all the URLs that the users should not be able to reach on that SharePoint website.
