- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-03-2013 09:22 AM
Hello,
I want to know how I can do the following questions:
1.- How can I block in gmail application the access to all the mails like this xxxx@gmail.com, but allow the access to emalis like this xxxx@domain.ec that also are associated with Gmail.
2.- How to monitor the users who access to public mails and know what are the access account and the destination account of a specific email.
Thanks.
Regards.
04-03-2013 05:02 PM
When (currently) logging in to Gmail a POST is made towards https://accounts.google.com/ServiceLoginAuth :
POST /ServiceLoginAuth HTTP/1.1
Host: accounts.google.com
which in the payload contains (among other things):
&Email=username%40gmail.com&
So I guess that part should be doable.
That is create a custom app that depends on the gmail-base (or whatever) but triggers on http-method=POST and payload contains &Email=(.*)%40domain.ec&
Put this custom appid as action=allow (along with url=accounts.google.com). While another security rule acting on url=accounts.google.com (and appid=any) is put directly after the previous allowing security rule as action=deny. This way you should be able to login with xxx@domain.ec but not with any other domain (or username without domain).
In order for the above to work you need to have ssl-termination (ssl-decrypt) active.
The risks is that the user might have already been authenticated elsewhere in the google stratosphere and by that perhaps doesnt need to go the route through accounts.google.com. But also if the authentication can be done through GET instead of POST (because then you need expand your custom appid to cover that aswell). I have also no idea how IMAP (that is gmail app in android and such) can be blocked if you wish to block that aswell (the above was verified with firefox running live http header to look into the ssl session).
And as for your second question Im sorry but dont fully understand what you are asking for?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!