URL Pattern
cancel
Showing results for 
Search instead for 
Did you mean: 

URL Pattern

L3 Networker

We currently block the web mail category but I need to make an exception which I can place in our allow list. We need to allow outlook.com/domain.edu but not sure if I should use this full URL or if I do will it allow all of outlook.com or if I need to use a REGEX. I appreciate any help.

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.
1 ACCEPTED SOLUTION

Accepted Solutions

Hi @jeff6strings

 

not sure I follow :)

outlook is webmail :) the outlook.com domain redirects to either the freeware outlook.live.com or to the 'business' outlook.office.com 

 

so if you allow outlook,com , people would be able to get redirected to both the free and the business url, but if you then only allow the office one, the user would get a block page if they try to reach the live.com one

 

if you allow outlook.office.com, that would allow (your) corporate webmail, but theoretically also _other_ company corporate webmails (since you can't identify the company once you're in the OWA bit)

 

so you could prevent people from redirecting in the first place by only whitelisting outlook.com/company.tld but you'd need to allow outlook.office.com so anyone that knows to use that domain directly would still be able to get to their other webmail hosted on office365

 

hope this makes sense

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

View solution in original post

4 REPLIES 4

L7 Applicator

hi @jeff6strings

 

outlook.com redirects to https://outlook.live.com/owa/ (free)

outlook.com/domain.edu redirects to https://outlook.office.com/owa (office365 business)

 

you should be ok by adding "outlook.com/domain.edu" _and_ "outlook.office.com" to the whitelist

 

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

If I add outlook.office.com would that allow Outlook in general even if it is 365 business? I would like to keep webmail (even business and free) blocked and just allow the outlook.com/domain.edu. 

Thanks for the reply.

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.

Hi @jeff6strings

 

not sure I follow :)

outlook is webmail :) the outlook.com domain redirects to either the freeware outlook.live.com or to the 'business' outlook.office.com 

 

so if you allow outlook,com , people would be able to get redirected to both the free and the business url, but if you then only allow the office one, the user would get a block page if they try to reach the live.com one

 

if you allow outlook.office.com, that would allow (your) corporate webmail, but theoretically also _other_ company corporate webmails (since you can't identify the company once you're in the OWA bit)

 

so you could prevent people from redirecting in the first place by only whitelisting outlook.com/company.tld but you'd need to allow outlook.office.com so anyone that knows to use that domain directly would still be able to get to their other webmail hosted on office365

 

hope this makes sense

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

View solution in original post

@reaper

That does make sense. We don't use any of the Outlook web but one of our customers has required us to use one of their accounts so we just need to narrow down access to outlook.com/domain.edu.

Thanks again.

Jeff

 

Passionate about network infrastructure and all things Palo Alto Networks.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!