Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 18506 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS Scan Exception for Google Drive and Google Hangout?

JensStraten

In preparation of the next beta, I have updated my Sophos XG installation and added some more configuration. Among other things, I have enabled HTTPS scanning which required me to create some exceptions. So far, I have created some working exceptions for Skype, some financial and educational services by either way bypassing an entire category (financial and educational services) or by adding some URL pattern matches (e.g. Skype).

So far so good. However, I found that some services stopped working:

 

1. Google Drive

I have created a web category including googledrive.com and drive.google.com. In addition, accounts.google.com is already added as a URL pattern match allowing me to logon to GMail. However, Google Drive fails with "Unable to connect".

 

2. Google Hangout

Not sure what Google Hangout needs to work, but it works on mobile devices using a clientless bypass rule. On my desktop PC, I am using YakYak which is just giving me a "Connecting" message.

 

Any suggestion what I might be missing? Thank you!



This thread was automatically locked due to age.
Parents
  • 0

    Thank you for your feedback!

    I tried looking at the console and creating a custom rule. Console didn't show any dropped packages and the custom rule simply picked up too much traffic to identify the missing piece. Furthermore, the logs just IP addresses which would point me to Google's main URL.

    After some tinkering I found that I was missing one URL in my existing Google HTTPS scan exceptions list. Here is a complete list of all the URLs I am using to get Google Drive, Hangout, Docs, Sheets and Slides to work:

    ^([A-Za-z0-9.-]*\.)?accounts\.google\.com/
    ^([A-Za-z0-9.-]*\.)?docs\.google\.com/
    ^([A-Za-z0-9.-]*\.)?drive\.google\.com/
    ^([A-Za-z0-9.-]*\.)?googledrive\.com/
    ^([A-Za-z0-9.-]*\.)?plus\.google\.com/
    ^([A-Za-z0-9.-]*\.)?sheets\.google\.com/
    ^([A-Za-z0-9.-]*\.)?slides\.google\.com/
    ^([A-Za-z0-9.-]*\.)?talk\.google\.com/

    Cheers,

    Jens

  • 0 in reply to JensStraten

    Looks like I spoke too soon. Both services stopped working after rebooting my machine.

    After some more testing, I got Google Drive to work by adding a few more URLs to my list:

    ^([A-Za-z0-9.-]*\.)?accounts\.google\.com/
    ^([A-Za-z0-9.-]*\.)?apis\.google\.com/
    ^([A-Za-z0-9.-]*\.)?docs\.google\.com/
    ^([A-Za-z0-9.-]*\.)?sheets\.google\.com/
    ^([A-Za-z0-9.-]*\.)?plus\.google\.com/
    ^([A-Za-z0-9.-]*\.)?drive\.google\.com/
    ^([A-Za-z0-9.-]*\.)?googleapis\.com/
    ^([A-Za-z0-9.-]*\.)?googleusercontent\.com/
    ^([A-Za-z0-9.-]*\.)?talk\.google\.com/
    ^([A-Za-z0-9.-]*\.)?googledrive\.com/
    ^([A-Za-z0-9.-]*\.)?video\.google\.com/
    ^([A-Za-z0-9.-]*\.)?gstatic\.google\.com/
    ^([A-Za-z0-9.-]*\.)?slides\.google\.com/

     

    Sadly, Hangout only works if I add ^([A-Za-z0-9.-]*\.)?google\.com/ to the list. If I have to do that, I might as well turn off HTTPS scanning altogether...

    Anyhow, I will try to spend some more time on this tomorrow.

  • 0 in reply to JensStraten

    I found that Chrome Hangout actually works with the exceptions shown above. The client I am using is called YakYak. It is still not working, but I have created a ticket on their developer forum.

    Will report back if anything comes out of that.

Reply Children
No Data