Skip to main content
  • EN

AD_4nXeW-yh0H_77Vfbyt0dtY3kcVfOTlGtuP5u28ImBKQ6rM1JrI0DI9VhIhHF77Vhwk-GpfkY2UaXbzJ3AO78arDl0CKWiy3FgMnD4uPnFKtsRTw1zfcpT8wkjy19JmnC51DFqW9QhWPRugsd-1tc08sy4QCtj?key=yO56UmQzQJ47tB70spRvdw

Netskope Global Technical Success (GTS)

KB - How to Block Parent Domain While Allowing Subdomains

 

Netskope Cloud Version - 117

 

Objective

How to block parent domain while allowing subdomains

 

Prerequisite

Netskope SWG license is required

 

Context

The customer's operational guidelines may include strict policies that require utilizing Netskope’s features to develop distinct scenarios. An example of such a scenario involves blocking the parent domain while permitting its sub-domains.

For instance, we aim to enable access to "bitbucket.org/*" while restricting access to the root domain "bitbucket.org".

  • URL to be blocked :

 https://bitbucket.org/

  • URL to be allowed : 

https://bitbucket.org/product/guides/getting-started/overview#a-brief-overview-of-bitbucket

 

Do You Know?

  • Netskope URL list definition under Policies - Web - URL List can also be framed using Regexes. In this use-case scenario, we are going to leverage the below Regex format to device the Regexes : 

https://docs.netskope.com/en/url-list-best-practices/

 

Configuration

  • Go to Policies - Web - URL list and create a new URL list to match : bitbucket.org 

AD_4nXdg14L0uA10TrV8T75oyzwVkldQs7R6R_Co_qTHwZrW8s8u4Mhb9hvEu6XzLamnbpp0b1VT3Zjr01av3w0GGPiJ9YnUMHUqJNM6hXR_K1nv2gOcs-yPTuMz6wSmXEIBxG1NvUsA9H6xX6GHbvn4EOqHZks?key=yO56UmQzQJ47tB70spRvdw

  • Go to Policies - Web - URL list and create another  URL list to match : bitbucket.org/* . This URL list is essential to whitelist all the subdomains of bitbucket.org from getting blocked

     AD_4nXef2RPSYsfNjQ4Eh-ulgpLYxyVfs4ZWfj0is0gPe1Ek0VUYmQxaxVU7J75J1yEkaumviwF2dxnef4g_FP52SirJsEUf9VNuKmH6JbFYKiTUcOPAfcMsHDuVPV7A_RfWLuUMTphgCDEjLINQ6FtpR3vk0n0N?key=yO56UmQzQJ47tB70spRvdw

  • Go to Policies - Web - Custom Categories - New Custom category and create a Custom category to include the above two regexes as shown below : 

     AD_4nXdsbgx9uNvM1KDDqIgoi0zyCI7R1xYKSEsfHzVFoPxegJawj69PtAMZyhqQnKqqgnD87rPpxyHoWcRWwJWpOzAO-C_8nEH2dxw8DRCjV4HZk-k2yMwh9-tGVvgetjy1TEdi7DSY4MhJSzxJToaxRmQbSJCh?key=yO56UmQzQJ47tB70spRvdw

  • Go to Policies - Real Time protection  and create a Block policy with the above Custom Category as shown below

 

AD_4nXeWvtT4Ss1FfnnRiFiTgiBKHEvpkcrnZtS2QBAukhdpe1i0S6ftH4iPaN2NXzj5Z4RzqdD4Ceogfqu12NGufbMs4duyctkrrYVQt4iiAQ3MXhZiDrLdAbkf2Yq2TCx08jeiFWzjUfaKw7P7nKw4dcZWXuNr?key=yO56UmQzQJ47tB70spRvdw

 

Verification

AD_4nXcEwpkW3pt0tpNHoKM7uPAXFLapoJcd2xfr6XfgucQPYPcOeoeLJX1fl7p-gRZlWPRSUcB45X2FjpuKDO-8KYcDOSycUBaWxqqgDsJB6c4aneexA67Ky2eep3QEz7ucYVMYxCB-tMz7cdS5CPkDjZIK-_Sy?key=yO56UmQzQJ47tB70spRvdw

  AD_4nXf6ajYqBAranZRhEJI76aDJGss8R7CfS0VUx6NgDiTrjfkl8tntOIan8kJiIVKQWCOdlmvmQZMUwUohbhdaJ5UbwrfJtKFTrBXnxJ3XTBQGYw5o4vQD-Auf1-OsDwvsrJfj1AhVm4A0wWa1HpYFfAOHFL39?key=yO56UmQzQJ47tB70spRvdw

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.

 

Be the first to reply!
Terms & ConditionsCookie settings