Use Palo Alto Networks® firewall URL profiles to insert
HTTP headers and values into HTTP requests so that you can control
access to differing versions of web applications.
Unsanctioned usage of SaaS applications can be a way
for your users to transmit sensitive information outside of your
network, usually by accessing a consumer version of an application.
However, if you need to allow access to the enterprise version of
these applications for specific individuals or organizations, then
you can't block the SaaS application entirely. With the HTTP header
insertion and modification feature, you can now manage HTTP header
information to disallow SaaS consumer accounts while allowing a
specific enterprise account.
Because many SaaS applications allow or disallow access to applications based on
information contained in specific HTTP headers, you can use predefined header insertion rules to manage
access to popular SaaS applications. Predefined rules are specific
to particular SaaS applications. Currently there are four available
predefined applications: Google, Dropbox, YouTube, and Office 365.
These applications (and any additional applications that might be predefined
in the future) are populated and maintained by Palo Alto Networks® using
content updates. If a SaaS vendor changes its implementation so
that additional header or domain information is needed, Palo Alto
Networks will use a content update to modify the relevant predefined
rule for you.
If you want to perform HTTP header insertion for an application
that is not yet predefined in a content update, you can create a custom rule. Custom rules allow
you to manage custom HTTP headers but you can also use them to manage
standard HTTP headers depending on your requirements.
Custom rules that you create will never be managed or modified
by Palo Alto Networks. It is your responsibility to maintain the
custom rules that you create so that they accurately interact with
the SaaS application.
You don't need a URL Filtering license to use this feature.