Summary
How to block access to games hosted on sites.google.com, but continue allowing access to the rest of the domain.
Problem
You want to block specific content, but allow access to the secure site of sites.google.com
.
You must decrypt and inspect the HTTPS traffic in order for the full URL to be read and matched to a policy.
Solution
-
Create a custom category for Google Sites Inspection, and add
sites.google.com
to Domain/URL filtering. - Create another custom category, Google Games Site Block, and add the full URL of the relevant gaming site to Domain/URL filtering, for example,
https://sites.google.com/a/mydomain.com/games/
. - Create a new web filter policy (go to Guardian > Web filter > Policy wizard), using:
- Who Everyone, or the relevant user or groups to apply this policy to
- What Google Games Site Block
- Where Everywhere, or the relevant location to apply this policy to
- When Always, or the relevant time slot to apply this policy to
- Action Block
- Move this policy to the top of the Web filter policies table go to Guardian > Web filter > Manage policies.
- Create a new HTTPS inspection policy, using:
- Who Everyone, or the relevant user or groups to apply this policy to
- What Google Sites Inspection
- Where Everywhere, or the relevant location to apply this policy to
- When Always, or the relevant time slot to apply this policy to
- Action Decrypt and inspect
- Move this policy to the top of the HTTPS inspection policies table go to Guardian > HTTPS inspection > Manage policies.
- Export the HTTPS interception certificate go to Guardian > HTTPS inspection > Settings.
- Deploy the certificate to all client machines, typically by means of a domain group policy.