Feature #14481
open
Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering"
0%
Description
https://support.google.com/work/android/answer/10513641?hl=en
https://support.apple.com/en-gb/HT210060
Each of the domains in the above require splicing with use of Squid. To create a custom list it is time consuming.
What if we added a option to provide splicing for smartphone base support similar to Palo Alto's Facebook base ACL approval list?
I am currently splicing the connections so I can still use SSL intercept for the unknown sites. If we had a button to add a pre loaded group "Splice Android Smartphones" "Splice Apple Smartphones" It would make the firewall more consumer friendly.
play\.google\.com
android\.com
|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com
google-analytics\.com
googleusercontent\.com
gstatic\.com
((gvt)([0-9]))\.com
ggpht\.com
dl\.google\.com
dl-ssl\.google\.com
android\.clients\.google\.com
[0-9])|accounts)\.google\.(com|us)
connectivitycheck\.android\.com
android\.clients\.google\.com
device-provisioning\.googleapis\.com
connectivitycheck\.gstatic\.com
omahaproxy\.appspot\.com
payments\.google\.com
googleapis\.com
notifications\.google\.com
(pki|(crl|ocsp)\.pki)\.google\.com
ogs\.google\.com
googleapis\.com
androidmanagement\.googleapis\.com
appldnld\.apple\.com\.edgesuite\.net
This is just some of the manual added splice domains.
Files
| Screenshot 2023-06-16 at 6.36.20 PM.png (221 KB) Screenshot 2023-06-16 at 6.36.20 PM.png | Splice Use | ||
| Screenshot 2023-06-16 at 6.38.27 PM.png (359 KB) Screenshot 2023-06-16 at 6.38.27 PM.png | File Regex Domains |
Updated by Jonathan Lee over 1 year ago
Note: some of the regex expressions were mixed up when posting this please ref the screen shots.