Feature #11060
closed
Block access to consumer Google accounts
0%
Description
WebGUI feature for:
https://support.google.com/a/answer/1668854?hl=en:
To prevent users from signing in to Google services using Google Accounts other than those you explicitly specify:
1. Route all traffic outbound to google.com through your web proxy servers.
2. Enable SSL interception on the proxy server.
3. Configure every client device to trust your SSL proxy:
a. Deploy the Internal Root Certificate Authority used by the proxy.
b. Mark it as trusted.
4. For each google.com request:
a. Intercept the request.
b. Add the HTTP header X-GoogApps-Allowed-Domains: followed by a comma-separated list with allowed domain names.
Make sure that the list includes the domain you registered with G Suite and any secondary domains you added.
Example: X-GoogApps-Allowed-Domains: mydomain1.com, mydomain2.com
5. To allow users to sign in to specific accounts, add the following values to the header:
domain_name for accounts on specific domains, such as altostrat.com and tenorstrat.com for accounts ending in @altostrat.com and tenorstrat.com
consumer_accounts for consumer Google Accounts, such as @gmail.com and @googlemail.com
gserviceaccounts.com for authenticated service accounts
6. (Optional) Create a proxy policy to prevent users from inserting their own headers.
Note: This approach blocks sign-in access to Google consumer services other than Google Search, but doesn’t necessarily prohibit anonymous access.
Updated by Viktor Gurov over 3 years ago
Updated by Renato Botelho about 3 years ago
- Status changed from New to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
Updated by Viktor Gurov about 3 years ago
- Status changed from Feedback to Resolved
works as expected on Squid pkg 0.4.45_3 - it blocks access to google accounts and adds youtube safesearch restrictions