September 20, 2024 | 33487 views | 59 people thought this was helpful
Configure a list of allowed domains to access Webex while on your corporate network
You can ensure that people only sign in to Webex App using accounts from a predefined list of domains. Use a proxy server to intercept requests and limit the domains that are allowed.
You can use the following steps as guidelines to configure your web proxy server.
- You must install a proxy server that can perform Transport Layer Security (TLS) interception, HTTP header insertion, and filter destinations using fully qualified domain names (FQDNs) or URLs.
The following are tested Web proxy servers and the detailed steps are provided below to configure these proxy servers:
- To ensure you have the ability to do HTTP header insertions in an HTTPS connection, TLS interception must be configured on your proxy. See the information about proxies in Network requirements for Webex services, and ensure you meet the requirements specific to your proxy server.
1. Route all outbound traffic to Webex through your web proxy servers.
2. Enable TLS interception on the proxy server.
3. For each Webex request:
   - Intercept the request.
   - Add the HTTP header CiscoSpark-Allowed-Domains: and include a comma-separated list of allowed domains. Your proxy server must include this custom header in requests sent to the following destination domains: idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com, idbroker-ca.webex.com.

     For example, to allow users from the example.com domain, add:

         CiscoSpark-Allowed-Domains:example.com

     for domain(s): idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com, idbroker-ca.webex.com.

     If you have users in multiple email domains, you must include all the domains in the comma-separated list of allowed domains. For example, to allow users from the example.com, example1.com and example2.com domains, add:

         CiscoSpark-Allowed-Domains:example.com,example1.com,example2.com

     for domain(s): idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com, idbroker-ca.webex.com.

   People who attempt to sign in to Webex App from an unauthorized account receive an error.
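The header-insertion decision in step 3, modeled in Python as an added example (not Cisco code and not taken from this article). The function names are hypothetical, the allow-list uses the article's sample domains, and replacing any client-supplied copy of the header is a choice made in this example.

```python
# Added example: models step 3 for a scriptable TLS-intercepting proxy.
# Function names are hypothetical; this is not Cisco or proxy-vendor code.
HEADER = "CiscoSpark-Allowed-Domains"

# Destination hosts listed in the article; the header is inserted only for these.
WEBEX_IDENTITY_HOSTS = frozenset({
    "idbroker.webex.com", "idbroker-secondary.webex.com",
    "idbroker-b-us.webex.com", "idbroker-eu.webex.com",
    "atlas-a.wbx2.com", "idbroker-ca.webex.com",
})
# Sample allow-list (the article's example domains); replace with your own.
ALLOWED_DOMAINS = ("example.com", "example1.com", "example2.com")


def normalize_host(host: str) -> str:
    """Lower-case a Host value and drop an optional :port and trailing dot."""
    host = host.strip().lower()
    if host.count(":") == 1:  # hostname:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def needs_header(host: str) -> bool:
    """Exact match only, so idbroker.webex.com.example.net does not qualify."""
    return normalize_host(host) in WEBEX_IDENTITY_HOSTS


def apply_policy(host: str, headers: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the outbound header list for a decrypted request to `host`.

    Any copy of the header sent by the client is removed first, so the
    proxy's value is the only one the destination receives.
    """
    if not needs_header(host):
        return list(headers)
    kept = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
    kept.append((HEADER, ",".join(ALLOWED_DOMAINS)))
    return kept


if __name__ == "__main__":
    # Constructed sample request in which the client supplies its own value.
    sample = [("Host", "idbroker.webex.com"), ("ciscospark-allowed-domains", "other.example")]
    for name, value in apply_policy("idbroker.webex.com:443", sample):
        print(f"{name}: {value}")
```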
You can use a Cisco Web Security Appliances (WSA) proxy server to intercept requests and limit the domains that are allowed. Add custom headers in WSA; these headers are applied to outgoing Transport Layer Security (TLS) traffic to request special handling from destination servers.
1. Access the WSA CLI.
2. Enter advancedproxyconfig.
3. Enter CUSTOMHEADERS.
4. Enter NEW.
5. Enter CiscoSpark-Allowed-Domains: EXAMPLE.COM.
   Where EXAMPLE.COM is the domain to use this header with.
6. Enter idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com, idbroker-ca.webex.com.
7. Select Return.
8. Select Return and enter Commit.
You can create a policy in the Blue Coat Visual Policy Manager that intercepts the Transport Layer Security (TLS) traffic and adds the Webex App header.
1. In the Visual Policy Manager, select .
   - Click Add rule, right-click the Action column, and select Set.
   - Click New and select Enable HTTPS Interception.
   - Modify the name, click OK, and then OK.
2. Select .
   - Add Cisco Spark to the layer name.
   - Click Add rule, right-click the Destination column and select Set.
   - Click New, select Request URL Object and for Simple Match URL, enter idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com, idbroker-ca.webex.com.
   - Click Add, click Close, and then click OK.
   - Right-click the Action column and select Set.
   - Click New, select Control Request Header, and modify the name to include Cisco Spark.
   - For Header Name enter CiscoSpark-Allowed-Domains, and in Set value add your enterprise domains. You can add multiple domains separated by commas.
   - Click OK and then click OK.
3. Click Install Policy.