This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- Referrer Allow Rule Not Working
Referrer Allow Rule Not Working
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2023 10:20 PM
I have a Real Time Protection DLP rule that is blocking uploads to unauthorized cloud storage sites. This rule hit when a user uploaded an invoice to a platform we use, Divvy. Divvy's storage is backed by S3. As such, the event shows that there was an Upload action on S3, with the referrer being https://app.divvy.co.
As this platform is trusted and will be in frequent use, I want to whitelist these actions. As such, I:
- created a HTTP Header policy, designating that I want to check the Referrer header, and set the value to https://app.divvy.co
- created a RTP policy above the the existing DLP policy that is blocking (well, alerting the user on) the upload. The policy allows Upload to S3 if the referrer matches the one I created above.
NOTE: The Allow policy, while above the Block policy, is in a different policy group. I don't think this matters, but figured it was worth stating.
Of course - you know where this is going. The action continues to be alerted on, despite the explicit allow. I have added screenshots to demonstrate the policies, placement, and alert. Any guidance is helpful, as it seems to me this should be working, so I am left thinking I have a fundamental misunderstanding of how the policies function.
Labels:
- Labels:
-
HTTP Header Profile
0 Replies 0
Subscribe
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Related Content
- possible to DLP block PII sent via OneDrive or Gdrive app? in Data Loss Prevention (DLP)
- Client enrollment pop-up not working in linux and mac in Cloud Access Security Broker (CASB)
- Identify Office Locations by Source IP Addresses in Advanced Analytics Dashboard
- Issue with google drive application in Cloud Access Security Broker (CASB)
- Couple custom field creation questions in Advanced Analytics
Labels
-
NG-SWG
29 -
SWG
23 -
NSClient
19 -
DLP
12 -
netskope client
11 -
Next Gen SWG
11 -
NGSWG
8 -
android
6 -
SCIM
5 -
Client
5 -
Real-time Policy
4 -
URL List
4 -
cloud firewall
4 -
forward proxy
4 -
Threat Protection
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
CASB
4 -
GRE
4 -
IOS
4 -
Netskope Endpoint Client
4 -
cfw
3 -
users
3 -
policy
3 -
Google Idp
3 -
DLP Violation
3 -
malware
3 -
Provisionning
3 -
categories
3 -
Email DLP
3 -
IDP
3 -
Groups
3 -
skopeit
3 -
Netskope Agent
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
Azure
2 -
ssl
2 -
Certificate Pinned
2 -
Advanced Analytics
2 -
traffic
2 -
inline
2 -
install
2 -
Netskope Client installation mechanism
2 -
Best Practices
2 -
ChromeOS
2 -
Directory Importer
2 -
AWS
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
IPSec Tunnels
2 -
ipsec
2 -
PAC file
2 -
User Group
2 -
Authentication
2 -
url filtering
2 -
Reverse Proxy
2 -
steer traffic
2 -
Admin
2 -
cloud exchange
2 -
okta
2 -
Access
2 -
Netskope
2 -
Apps
2 -
vpn
2 -
Azure AD
2 -
User Notification
2 -
Advance Analytics
2 -
Sync
2 -
MacOS
2 -
Chromebook
2 -
steering exception
2 -
slowness issue
2 -
communication between domain and application
1 -
data
1 -
Next Fen SWG
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
Instances APP Enterprise
1 -
NativeApp
1 -
application
1 -
no decryption
1 -
alerts
1 -
Profile
1 -
GitHub
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
punycode
1 -
DNS Resolver
1 -
controls
1 -
google
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
discord
1 -
Netskope REST API
1 -
AAD
1 -
interception
1 -
SASE
1 -
multi-user mode
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
Epic
1 -
Local admin
1 -
browser
1 -
WebSecurity
1 -
log data
1 -
Upload
1 -
traffic steering
1 -
SSL Decrypt Bypass
1 -
dashboards
1 -
Internet Access
1 -
steering
1 -
block
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
Internet next hop type
1 -
openai
1 -
googledocs
1 -
status
1 -
MIP
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
chatgpt
1 -
appdefinition
1 -
HTTP Header Profile
1 -
best practice
1 -
security posture check
1 -
Rest API
1 -
Report
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
Artificial Intelligence
1 -
NewEdge
1 -
zero touch
1 -
CCI
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
explicit proxy over IPSec
1 -
ldap
1 -
SIEM Integration
1 -
Intune
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Office 365
1 -
AMP
1 -
domain
1 -
interoperability
1 -
Education
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
Evasive Phishing
1 -
file size
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
MFA
1 -
domain fronting
1 -
incremental update
1 -
Troubleshooting
1 -
Netskope Threat Labs
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
Google chat
1 -
Whitelist
1 -
native definition
1 -
API
1 -
configuration
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
App
1 -
Netskope Admin
1 -
Windows Server 2016
1 -
Guidelines
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
APP instance
1 -
web
1 -
YouTube
1 -
client update
1 -
Custom Rule
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances Corp
1 -
Whatsapp
1 -
licensing
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In