HTTP Header Guidance

  • 26 June 2024

We’ve yet to implement any HTTP Header elements and policies but have a use case where I believe this is the best solution. However, I wanted to get some guidance.

Use Case: 

  • Dept wants a specific account (ex. - staff1@email.com) to only be able to access 3 sites (I’ll use examples): 
    • newssite1.com
    • newssite2.com
    • one.teamspace.com
  • All other sites are to be blocked completely

We tested this by:

  • building out URL List + Custom Category for the above list of URLs
  • creating an RTP policy to allow the sites via Custom Category for staff1@email.com
  • creating an RTP policy to block remaining categories for staff1@email.com
    • placing this well below the allow policy

With the nature of news sites, though, everything feeding the content for the site (content servers, ads, other domains, etc.) was blocked and unusable. Since “browse” for the rest of the web needs to be blocked, RBI wasn’t an applicable solution. I’ve since set the “block” policy to “alert” to glean more information on the web categories that may be needed.

 

Leveraging HTTP Headers>Referral for the list of sites is what I’m thinking may be the solution here. Though we’ve yet to implement anything successfully with HTTP Headers so far. Would the following approach be the best start? 
 

  • adding this to the RTP “allow” policy for staff1@email.com
  • monitor for other categories that may need to be allowed to feed the content for the news site

I’m sure this is something you all have tackled before.
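One way to work through the “alert” data described in the post, as an added example that is not part of the original thread or of Netskope's tooling: it groups the third-party hosts a page pulled in by the allowed site named in each request's Referer, and separates requests whose Referer is missing or does not match, which a Referer-based allow rule would not cover. The CSV columns, category names and `.example` hosts are constructed assumptions, not a real export format.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Allow list from the post.
ALLOWED_SITES = ("newssite1.com", "newssite2.com", "one.teamspace.com")

# Constructed sample of alert-mode events (hypothetical CSV export columns).
SAMPLE_EVENTS = """user,url,referer,category
staff1@email.com,https://cdn.imghost.example/a.jpg,https://www.newssite1.com/world,Content Server
staff1@email.com,https://ads.adnet.example/slot.js,https://www.newssite1.com/world,Advertisements
staff1@email.com,https://static.fonts.example/f.woff2,https://newssite2.com/,Content Server
staff1@email.com,https://tracker.metrics.example/p.gif,,Web Analytics
staff1@email.com,https://video.example/clip,https://newssite1.com.lookalike.example/,Streaming
staff1@email.com,https://www.newssite1.com/style.css,https://www.newssite1.com/world,News
"""

def host_of(url):
    """Lower-cased hostname of a URL, or '' when absent or unparsable."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def matching_site(host, sites=ALLOWED_SITES):
    """Return the allowed site that `host` equals or is a subdomain of."""
    for site in sites:
        if host == site or host.endswith("." + site):
            return site
    return None

def summarize(csv_text, user="staff1@email.com"):
    """Group third-party requests by the allowed site named in their Referer."""
    by_site = defaultdict(dict)   # allowed site -> {dependency host: category}
    unmatched = {}                # host -> category; Referer missing or not allowed
    for row in csv.DictReader(io.StringIO(csv_text)):
        dest = host_of(row["url"])
        if row["user"] != user or matching_site(dest):
            continue              # other users, or already covered by the URL list
        site = matching_site(host_of(row["referer"]))
        if site:
            by_site[site][dest] = row["category"]
        else:
            unmatched[dest] = row["category"]
    return dict(by_site), unmatched

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

The host comparison is done on the parsed hostname with a dot boundary, so a look-alike such as `newssite1.com.lookalike.example` lands in the unmatched bucket instead of being treated as an allowed referrer.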

1 reply


I recommend opening a How-to question at support.netskope.com with the specifics of the control so our Technical Success team can help develop the suitable solution for you.
