Skip to main content

AD_4nXc5Ge9tMn_WCsk-UfhQ_6TBgPVocBh7bWosMYwD-elqb3HZ2YQtkC6T0UqeiCYlXGUBkcxoP0APw2cyMM-eVLdGT4RMhElSQvB3mcCiHAwOWHzehit6XupKYwSyXnQ_4E1Qop0uag?key=XPHddBPbgOY_UwM-6qEuEIcQ

Netskope Global Technical Success (GTS)

Block VPN and Proxy Extension Installation in Chrome Browser

 

Netskope Cloud Version - 121

 

Objective

This article helps administrators block the installation of unauthorized VPN and Proxy extensions in Chrome browser to protect network integrity.The goal is to protect network security and enforce browsing policies.

 

Prerequisite

Netskope SWG license is required

 

Context

VPN and Proxy extensions can be used to bypass network monitoring and violate corporate internet usage policies. For organizations that need to enforce strict browsing guidelines, blocking these extensions is essential. This document details how administrators can prevent VPN and Proxy extension installation in Chrome and Edge.

 

Procedure

To block the installation and functionality of VPN/proxy extensions, implement the following two policies:  

1.Custom URL Category Policy

Create a policy that uses a custom URL category with a regex pattern to match VPN/proxy installation traffic and set the action to “Block”

 

2.Predefined Category Policy: 

Configure a policy with the predefined "Web Proxies/Anonymizers" category, setting the action to "Block."

 

Step 1: Configure a URL list with Regex

Path: Netskope Tenant UI >>> Profiles >>> URL List >>> New URL List

  • Include the following regex in the URL list.

^chromewebstore\.google\.com/.*(?i)vpn.*

^chromewebstore\.google\.com/.*(?i)proxy.*

^www.google-analytics\.com/.*(?i)chromewebstore.*

AD_4nXfzW1IaT2-av92cr6Vnc6trt5rp-qMPbfuM57aWi1Wj9WJ6apUs3ByMfPQAfsBbo8LvMtqvrK9rY3HyTDh6ZTK002iwUz9UbE_x4K6ikL_T1cQemWSGSd1E0Vx3YtPZ2E2g3E_YIQ?key=XPHddBPbgOY_UwM-6qEuEIcQ

 

Step 2: Configuring Custom URL Category and Real-Time Policy

  • Set up a Custom URL Category .

Path: Netskope Tenant UI >>> Profiles >>> Custom Categories >>> New Category

AD_4nXetcSHoMElCjO6yjfdixOUuISDvJ3KTzDUdvzRYz6ZQqG_D00VfTezyxRLy9Sd3YTDdVAAocaDcn2_CO08N_JET7Z6K_-5dir_JP-2dVl0QfVsUPebztMzVXucpnKV_3aymV7FT?key=XPHddBPbgOY_UwM-6qEuEIcQ

 

  • Configure a Real-Time Protection Policy.

AD_4nXf0uO1qKBFOswPbAcSbpDm4UQNxNAGs98-Z83UGRwvQ5rN2Dm3cQDVY5F_qFrrDPtibLfrMvXIPQ5tILi1aM29OWhtKshvBwM3XKzYRR0w_xDecJ9PeuRI8rA68NXGQHHR8WoPSEQ?key=XPHddBPbgOY_UwM-6qEuEIcQ

 

Step 3: Configure a Real-Time Protection Policy to block “Web Proxies/Anonymizers" category

AD_4nXdrKqTnSGx_qkEpw2W_2vnfAuNzM6DVNHE8chYwqx42pftx2Cpve3dGF-d_sPQCHpUO9dpstOY7LZMLiOPqALTDqIMOBO_LRQxOSsN3lZrgtbKaNEnQP4VsMWDEDhmuNaZDwABayw?key=XPHddBPbgOY_UwM-6qEuEIcQ
 

Verification

The user tries to install 'VPN' or 'Proxy’ Chrome extensions.

AD_4nXdEy4EDb-v_4GD4nmQxXbjRINT7SrEV1vPKpl4R8fAq6nqn3WMrCrScxT97xSNXrSBk3l1fJ4phAy9IM34rQydwS5C1M8tQmeBs4_DmeAzqiEw4d1wRygSJl11vdH8FwRiFiMzgrA?key=XPHddBPbgOY_UwM-6qEuEIcQ

 

The user tries to open any extension, but the traffic is blocked, and the UI displays 'Item not available.'

AD_4nXf_jpGT_8ZfJZ9BuayqoQxVl6CcHOeaOu4cbV9z1rHwbKGo6C0H5XBnNGiGIK4Sl39NmFoUTy7pea87mzhFWaIrhvIPhPJSI5XQLtgZuHKgKnyu4QZAmpze4IUKDVAD5CAmQnZ9hw?key=XPHddBPbgOY_UwM-6qEuEIcQ

 

The Skope IT Alert logs show that the traffic is being blocked by the policy.

AD_4nXcnYsdRn5wD71IwwNrvyGApvH2MpLorw2dW4OYcxc74VifKI9aPP6dVWiMmTYox5ir-BkAYT9mNyAEyCzDaObezcP2WgtQpp6UMSI7iUr8WairNkbYnnfifXMN1iPAlEZkfAuB9dA?key=XPHddBPbgOY_UwM-6qEuEIcQ

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.