Create HTTP Header Insertion Entries using Predefined Types
You can create HTTP Header Insertion rules based on types that are predefined by Palo Alto Networks® for popular SaaS applications.
- If you are configuring SSL decryption for Dropbox, then you must also configure your Dropbox clients to allow SSL traffic. These procedures are specific and private to Dropbox — to obtain these procedures, contact your Dropbox account representative.
- Adda Custom URL Category for the SaaS application you are managing ().ObjectsCustom ObjectsURL Category
- Specify aNamefor the category.
- Addthe domains specific to the SaaS application you are managing. See Domains used by the Predefined SaaS Application Types for a list of the domains that you use for each of the predefined SaaS applications.
- Create a Decryption Policy Rule and, as you follow this procedure, configure the following:
- In theService/URL Categorytab,AddtheURL Categorythat you created in the previous step.
- In theOptionstab, make sure theActionis set toDecryptand that theTypeis set toSSL Forward Proxy.
- Edit or add a URL filtering profile.
- SelectHTTP Header Insertionin theURL Filtering Profiledialog.
- Addan entry.
- Specify aNamefor this entry.
- Select a predefined applicationType.This populates theDomainsandHeaderslists.
- For eachHeader, enter aValue.
- (Optional) SelectLogto enable logging of insertion activity for the headers.
- ClickOKto save your changes.
- Addor edit a Security Policy rule () that allows users to access the SaaS application for which you are configuring this header insertion rule.PoliciesSecurity
- Choose the URL filtering profile () that you edited or created in Step 2.ActionsURL Filtering
- ClickOKto save and thenCommityour changes.
- Verify that access to the SaaS application is working in the way you expect. From an endpoint:
- Try to access an account or content that you expect to be able to access. If you cannot access the SaaS account or content, then the configuration is not working.
- Try to access an account or content that you expect will be blocked. If you can access the SaaS account or content, then the configuration is not working.
- If both of the previous steps work as expected, then you can View Logs (if you configured logging in step 4.4) and you should see the recorded HTTP header insertion activity.
Use HTTP Headers to Manage SaaS Application Access
Use Palo Alto Networks® firewall URL profiles to insert custom headers into HTTP requests so that you can control access to differing versions of web ...
Domains used by the Predefined SaaS Application Types
List of domains you use for header insertion rules when using predefined HTTP header insertion rules. ...
Create Custom HTTP Header Insertion Entries
Create custom HTTP Header Insertion rules for your Palo Alto Networks® firewall. ...
HTTP Header Insertion
HTTP Header Insertion To enable the firewall to manage web application access by inserting HTTP headers and their values into HTTP requests, select Objects Security ...
HTTP Header Insertion and Modification
Use Palo Alto Networks® firewall URL profiles to insert HTTP headers and values into HTTP requests so that you can control access to differing versions ...
Understand SaaS Custom Headers
Understand the custom HTTP headers you will use before you create HTTP Header Insertion Rules for your Palo Alto Networks® firewall. ...
App-ID enables you to see the applications on your network and learn how they work, their behavioral characteristics, and their relative risk. ...
Application Whitelist Example
Application Whitelist Example Keep in mind that you do not need to capture every application that might be in use on your network in your ...