What "googleapis.com" exceptions are needed for Google sites to work with HTTPS/DPI?
I had an exception for *.googleapis.com to allow unrestricted access, probably made a long time ago when I had a memory and I thought it was needed for something (the exception, not the memory!).
I just asked a client for samples of scam emails so that I could use them in a demo of how a Firebox can provide additional protection. The one he sent had a target of https://storageDOTgoogleapisDOTcom/pmail/storeDOThtm (DOT used to keep anyone from clicking a real link), and that site is listed as known-malicious phishing by my Trend Micro WFBS antivirus software. I Googled and found several mentions similar to "Malicious site like Storage.googleapis.com is known for distributing various kinds of adware, malware, and potentially unwanted program."
So, I removed the *.googleapis.com exception for now.
What "googleapis.com" exceptions are needed for Google sites to work with HTTPS/DPI? Now that I know that malicious software can be hosted there, what is needed for legit sites that use googleapis.com to work? Or is this going to be another wild game of whack-a-mole?
Gregg
Gregg Hill
Comments
Looks to me that Google (or something) uses storage.googleapis.com for updates.
I can't find anything on the Internet to indicate what storage.googleapis.com/update-delta is used for.
This is TCP port 80 access:
storage.googleapis.com/update-delta/gkmgaooipdjhmangpemjhigmamcehddo/77.224.200/77.223.200/a9cc3a50560eb579ea2e3644cf0380b77e9eed7ab9a30d717228d7d73898d55f.crxd
As I have not blocked this TCP port 80 access, no idea the impact of doing so.
I do see a lot of HTTPS access to these. Again, no idea what happens if they get denied/blocked.
fonts.googleapis.com
safebrowsing.googleapis.com
clientservices.googleapis.com
clientservices.googleapis.com access happens when I start Chrome which auto-opens Gmail
A number of other ...googleapis.com sites are accessed when I do the above.
Hi, Bruce!
I think I created the original *.googleapis.com exception years ago for the same reasons you noted, but it's too broad now that I know that malware is also hosted at storage.googleapis.com.
Eventually, I think that we are not going to be able to use DPI without daily babysitting of our Fireboxes.
I dropped the wildcard exception and will run that way for a while and fine-tune what's needed, then do the same for my clients.
Thank you for your help!
Gregg
Gregg Hill
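One way to do the fine-tuning described in this thread, as an added example that is not from either poster or from WatchGuard: tally the googleapis.com hostnames seen in traffic and split them into per-host exception candidates and hosts that stay under inspection. The input format, the function names and the `KEEP_INSPECTED` set are assumptions; the sample lines are constructed and are not a Firebox log format.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input: one requested host or URL per line, standing in
# for the host/SNI column of a proxy log export (not a real Firebox format).
SAMPLE = """\
https://fonts.googleapis.com/css
safebrowsing.googleapis.com
clientservices.googleapis.com:443
http://storage.googleapis.com/update-delta/x.crxd
Fonts.GoogleAPIs.com.
www.example.com
evilgoogleapis.com
googleapis.com.example.net
"""

# Assumption: hosts to keep under inspection. storage.googleapis.com is the
# one the thread found serving a phishing page.
KEEP_INSPECTED = {"storage.googleapis.com"}


def hostname(entry):
    """Return the lowercased hostname from a bare host, host:port or URL."""
    entry = entry.strip()
    if "//" not in entry:
        entry = "//" + entry          # let urlsplit treat it as a netloc
    return (urlsplit(entry).hostname or "").rstrip(".")


def under_domain(host, domain="googleapis.com"):
    """True only for the domain itself or a real subdomain (label boundary)."""
    return host == domain or host.endswith("." + domain)


def plan_exceptions(lines):
    """Split observed googleapis.com hosts into per-host exceptions and
    hosts that stay inspected; returns (exceptions, inspected, hit counts)."""
    counts = Counter(h for h in map(hostname, lines) if under_domain(h))
    exceptions = sorted(h for h in counts if h not in KEEP_INSPECTED)
    inspected = sorted(h for h in counts if h in KEEP_INSPECTED)
    return exceptions, inspected, counts


if __name__ == "__main__":
    exc, insp, counts = plan_exceptions(SAMPLE.splitlines())
    for h in exc:
        print(f"exception candidate: {h} ({counts[h]} hits)")
    for h in insp:
        print(f"keep inspecting:     {h} ({counts[h]} hits)")
```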