I wanted to make a post to the community to see what other people are doing about this issue. We currently have a support case open with Palo for this, and it has been open for quite some time.

Long story short, users that have previously logged into a Yahoo account and have a session cookie are able to somehow circumvent security policy, and the app sometimes is parsed as App-ID "SSL" instead of "yahoo-mail-base." We are able to recreate this behavior 100% of the time.

The only way we were able to block Yahoo Mail was by selectively decrypting this traffic and blocking the following URLs:

mail.yahoo.com
login.yahoo.com
*.mail.yahoo.com
*.login.yahoo.com

Even with the decryption applied, the sessions are still sometimes getting misparsed and users are still able to access Yahoo Mail. Again, this is directly related to whether the user has logged into a Yahoo account before or not; if the person has never previously logged into a Yahoo account, the access is blocked completely.

Now, since "login.yahoo.com" is on this URL category we created, users are unable to log in to Yahoo for other areas (such as Yahoo Finance).

Just seeing if the community has tackled this issue before while we keep trying through traditional support channels.