Understand SaaS Custom Headers
Understand the custom HTTP headers you will use before you create HTTP Header Insertion Rules for your Palo Alto Networks® firewall.
Before you begin, make sure you understand the custom HTTP headers you will use with the SaaS application you are managing. You need to understand what you can accomplish with these headers and the information you need to specify to accomplish your goals.
Be aware that SaaS applications that use custom headers do not always use them to control access to types of accounts. For example, Palo Alto Networks® provides predefined support for YouTube custom headers that determine whether network users can access restricted content.
You should also read the documentation for the SaaS application to which you want to control access so that you understand what headers you need to use for that application.
The following limits apply to HTTP header insertion:
- Header name character length: 100.
- Header value charactor length: 512.
Be aware that some SaaS applications might define custom header names, or assign values to their custom headers, that exceed these limits. These situations should be rare, but if a SaaS application does exceed one or both of these character length limits, then your next-generation firewall can not successfully manage access to that SaaS application.
The following table lists the headers that you can use for the SaaS applications for which Palo Alto Networks provides predefined support; each header also includes a link to more information specific to that header.
For More Information
You can allow access to sanctioned Enterprise Dropbox accounts. This header's value is the business account's team ID, which you can obtain from the network control section of the Dropbox admin console. You must also enable this functionality from the same location.
For details on managing this header, as well as how to enable your Dropbox clients so that you can decrypt their traffic, contact your Dropbox account representative.
Google G Suite
You can allow access to specific Google accounts from your domain. The values that you give to this header are your domain and subdomains.
Microsoft Office 365
Restrict-Access-To-Tenantswith a list of tenants you want to allow your users to access. You can use any domain that is registered with a tenant to identify the tenant in this list.
Restrict-Access-Contextwith the directory ID that is setting the tenant restriction. You can find your directory ID in the Azure portal. Sign in as an administrator, select
Azure Active Directory, then select
Recommended For You
Recommended videos not found.