Netskope Global Technical Success (GTS)

Use Case - Block the downloading of TikTok from any website

Netskope Cloud Version - 113

Objective

To demonstrate the process for block downloading of Tik Tok from any website 

Prerequisite

Netskope SWG license is required

Context

This article outlines the rationale and step-by-step process for downloading the TikTok application from any website.

Upon analyzing various websites offering the TikTok application for download, it was observed that the URL consistently includes the keywords "tiktok" or "tik-tok" in its path. Therefore, the proposed approach is to prevent downloads from websites containing these keywords in their URL paths. This concept can also be extended to other scenarios, such as blocking access to the career section of any website.

Please see the example snapshot below for reference -

Lab Recreate:

The idea here is to create a Regex that will match the keyword “tiktok” and “tik-tok” in the URL path and to create a policy that will block downloads from such URL but at the same time it should not block background downloads from any search made on any search engine related to the word “tiktok” and “tik-tok”

Eg : https://tik-tok.en.softonic.com/download : Downloads from this Website should get blocked

However, the any downloads from the second URL as shown below that appears when you simply type the keyword “tiktok” or “tik-tok” in the search option of a search engine, should not be blocked : 

To create a Regex and understand the supported syntax, you can leverage this document from Netskope Knowledge base

Below steps can be followed to accomplish this use case : 

• Create a Regex that will detect the keyword “tiktok” and “tik-tok” in any URL : 
• Regex 1 : .*tiktok.*

• Regex 2 : .*tik-tok.*

To validate the regex you can use Regex Tester Tools

• Create a Regex that will exclude the google searches for the keyword “tiktok” “tik-tok” and else the above regex will also block the URLs that are associated with search of these keywords
• Regex 1 : .*search.*tiktok.*|^.*tiktok.*search.*
• Regex 2 : .*search.*tik-tok.*|^.*tik-tok.*search.*

Step 1 : Create a custom URL list under Policies - Web - URL List - New URL List with the first two regexes : 

Step 2 :  Create a custom URL list under Policies - Web - URL List - New URL List with the exclusion regexes

Step 3 : Now create a Custom category with the URL list 1 in Inclusion and the URL list 2 in exclusion

Step 4 : Now go to the Real time protection policy page under Policies - Real Time protection policies - Web and create a Real time protection policy as shown below : 

Always restrict the testing to a subset of users before rolling out in production

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• In the future, If any such platform changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.