Create Custom HTTP Header Insertion Entries
Create custom HTTP Header Insertion rules for your Palo Alto Networks® firewall.
- If there are no upstream devices already
decrypting HTTPS traffic, configure Decryption using Configure
SSL Forward ProxyDecryption.
- Add a Custom URL Category for the SaaS application you are managing (ObjectsCustom ObjectsURL Category).
- Specify a Name for the category.
- Add the domains specific to the SaaS application you are managing.
a Decryption Policy Rule and, as you follow this procedure, configure
- In the Service/URL Category tab, Add the URL Category that you created in the previous step.
- In the Options tab, make sure the Action is set to Decrypt and that the Type is set to SSL Forward Proxy.
- Edit or create a URL filtering profile.
- Select HTTP Header Insertion in the URL Filtering Profile dialog.
- Add an entry.
- Specify a Name for this entry.
- Select Custom as the Type.
- Add domains to the Domains list.You can add up to 50 domains and each domain name can have up to 256 characters; wildcards are supported (for example, *.example.com).HTTP header insertion occurs when a domain in this list matches the domain in the Host header of the HTTP request.
- Add headers to the Headers list.You can add up to 5 headers and each header can have up to 100 characters but cannot contain any spaces.
- For each header Value.
- (Optional) Select Log to enable logging of insertion activity for the headers.
- Click OK to save your changes.
- Add or edit a Security
Policy rule (PoliciesSecurity) Security
Policythat allows users to access the SaaS application for
which you are configuring this header insertion rule.
- Choose the URL filtering profile (ActionsURL Filtering) that you edited or created in Step 2.
- Click OK to save and then Commit your changes.
- Verify that access to the SaaS application is working
in the way you expect. From an endpoint that is connected to your
- Try to access an account or content that you expect to be able to access. If you cannot access the SaaS account or content, then the configuration is not working.
- Try to access an account or content that you expect will be blocked. If you can access the SaaS account or content, then the configuration is not working.
- If both of the previous steps work as expected, then you can View Logs (if you configured logging in step 4.6) and you should see the recorded HTTP header insertion activity.
Create HTTP Header Insertion Entries using Predefined Types
You can create HTTP Header Insertion rules based on types that are predefined by Palo Alto Networks® for popular SaaS applications. ...
Use HTTP Headers to Manage SaaS Application Access
Use Palo Alto Networks® firewall URL profiles to insert custom headers into HTTP requests so that you can control access to differing versions of web ...
Domains used by the Predefined SaaS Application Types
List of domains you use for header insertion rules when using predefined HTTP header insertion rules. ...
HTTP Header Insertion
HTTP Header Insertion To enable the firewall to manage web application access by inserting HTTP headers and their values into HTTP requests, select Objects Security ...
HTTP Header Insertion and Modification
Use Palo Alto Networks® firewall URL profiles to insert HTTP headers and values into HTTP requests so that you can control access to differing versions ...
Understand SaaS Custom Headers
Understand the custom HTTP headers you will use before you create HTTP Header Insertion Rules for your Palo Alto Networks® firewall. ...
App-ID enables you to see the applications on your network and learn how they work, their behavioral characteristics, and their relative risk. ...
App-ID To safely enable applications on your network, the Palo Alto Networks next-generation firewalls provide both an application and web perspective—App-ID and URL Filtering—to protect ...