Allow access to a site that is in multiple categories and one of them is blocked.

  • 23 April 2021
  • 1 reply
  • 116 views

Badge +13

In this example, we want to block Streaming and Downloadable Video, and need to:

  • Remove that category from the default steering exceptions to ensure it is steered to the Netskope cloud.

  • Identify which URLs you want to block and which you want to bypass. For mediacompanyabc.com most if not all the actual streaming content is hosted on mediacompanyabc.com/videos, so for our example we are going to create a custom category with an exclusion to accommodate our use case. using mediacompanyabc.com/videos as the exclusion to a custom News and Media category.

  • Create a custom URL list and call it “Streaming and Downloadable Video UL” (UL is for URL List) and add mediacompanyabc.com/videos to it.

  • Create a custom category and call it “News and Media CC” (the CC is for Custom Category) and include the News and Media category and exclude the Streaming and Downloadable Video UL.

  • Create your policies with an allow for News and Media preceding a block for Streaming and Downloadable Video.

What will happen is any access attempt formediacompanyabc.com will match the News and Media CC and Streaming and Downloadable Video categories but since the News and Media CC allow precedes the block the attempt will be allowed.

 

Access attempts formediacompanyabc.com will match the News and Media CC exclusion and the attempt will flow through to the Streaming and Downloadable Video block and be denied.

 

This process can be augmented in any number of ways to accommodate multiple use cases. For example you could invert the logic and create a Streaming and Downloadable Video CC and excludemediacompanyabc.com and use that in your steering exception to only sendmediacompanyabc.com to Netskope and let the video route to the Inet without us.

 

Credits: DJ Koehler, Netskope SE Leader


1 reply

Badge +2

Is this still relevant, I think there is a typo.

 

Access attempts formediacompanyabc.com/😊videos😉 will match the News and Media CC exclusion and the attempt will flow through to the Streaming and Downloadable Video block and be denied.

Reply