What "googleapis.com" exceptions are needed for Google sites to work with HTTPS/DPI?
I had an exception for *.googleapis.com to allow unrestricted access, probably made a long time ago when I had a memory and I thought it was needed for something (the exception, not the memory!).
I just asked a client for samples of scam emails so that I could use them in a demo of how a Firebox can provide additional protection. The one he sent had a target of https://storageDOTgoogleapisDOTcom/pmail/storeDOThtm (DOT used to keep anyone from clicking a real link), and that site is listed as known-malicious phishing by my Trend Micro WFBS antivirus software. I Googled and found several mentions similar to "Malicious site like Storage.googleapis.com is known for distributing various kinds of adware, malware, and potentially unwanted program."
So, I removed the *.googleapis.com exception for now.
What "googleapis.com" exceptions are needed for Google sites to work with HTTPS/DPI? Now that I know that malicious software can be hosted there, what is need for legit sites that use googleapis.com to work? Or is this going to be another wild game of whack-a-mole?