Create HTTP Header Insertion Entries using Predefined Types
Create HTTP Header Insertion rules based on predefined SaaS application types or to include the username and domain in the HTTP header.
- If you are configuring SSL decryption for Dropbox, then you must also configure your Dropbox clients to allow SSL traffic. These procedures are specific and private to Dropbox — to obtain these procedures, contact your Dropbox account representative.
- Adda Custom URL Category for the SaaS application you are managing ().ObjectsCustom ObjectsURL Category
- Specify aNamefor the category.
- Addthe domains specific to the SaaS application you are managing or for which you want to insert the username and domain in the headers. See Domains used by the Predefined SaaS Application Types for a list of the domains that you use for each of the predefined SaaS applications. See Insert Username in HTTP Headers for more information on configuring the firewall to include the username and domain in the HTTP headers.Each domain name can be up to 254 characters and you can identify a maximum of 50 domains for each entry. The domain list supports wildcards (for example,*.example.com). As a best practice, do not nest wildcards (for example,*.*.*) and do not overlap domains within the same URL profile.
- For SaaS application management, Create a Decryption Policy Rule and, as you follow this procedure, configure the following:
- In theService/URL Categorytab,AddtheURL Categorythat you created in the previous step.
- In theOptionstab, make sure theActionis set toDecryptand that theTypeis set toSSL Forward Proxy.
- Edit or add a URL filtering profile.
- SelectHTTP Header Insertionin theURL Filtering Profiledialog.
- Addan entry.
- Specify aName(up to 100 characters) for this entry.
- Select a predefinedType.This populates theDomainsandHeaderslists.
- For eachHeader, enter aValue.
- (Optional) SelectLogto enable logging of insertion activity for the headers.Allowed traffic is not logged, so header insertions are not logged for allowed traffic.
- ClickOKto save your changes.
- Addor edit a Security Policy rule () to include the HTTP header insertion URL filtering profile.PoliciesSecurity
- For SaaS application management, allow users to access the SaaS application for which you are configuring this header insertion rule.
- To include the username and domain in the HTTP headers, apply the URL filtering profile to the security policy rule for HTTP or HTTPS traffic.
- Choose the URL filtering profile () that you edited or created in Step 2.ActionsURL Filtering
- ClickOKto save and thenCommityour changes.
- Verify that the firewall correctly inserts the header.
- For Saas application management, from an endpoint, confirm that access to the SaaS application is working in the way you expect.
- Try to access an account or content that you expect to be able to access. If you cannot access the SaaS account or content, then the configuration is not working.
- Try to access an account or content that you expect will be blocked. If you can access the SaaS account or content, then the configuration is not working.
- If both of the previous steps work as expected, then you can View Logs (if you configured logging in step 4.4) and you should see the recorded HTTP header insertion activity.
Recommended For You
Recommended videos not found.