+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 19 of 19
Internet Related/Filtering/Firewall Thread, Blocking Google+ or personal Gmail accounts, but not Apps for Education accounts in Technical; I just stumbled across this: Block access to consumer accounts and services while allowing access to Google Apps for your ...
  1. #16


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I just stumbled across this:

    Block access to consumer accounts and services while allowing access to Google Apps for your organization - Google Apps Help

    Short answer: To block access to some Google accounts and services while allowing access to your Google Apps accounts, you need a web proxy server that can perform SSL interception and insert HTTP headers.
    As an administrator, you may want to prevent users from signing in to Google services using any accounts other than the accounts you provided them with. For example, you may not want them to use their personal Gmail accounts or a Google Apps account from another domain.

    A common means of blocking access to web services is using a web proxy server to filter traffic directed at particular URLs. This approach won’t work in this case, because legitimate traffic from a user’s Google Apps account goes to the same URL as the traffic you want to block.

    To only allow users to access Google services using specific Google accounts from your domain, you need the web proxy server to add a header to all traffic directed to google.com; the header identifies the domains whose users can access Google services. Since most Google Apps traffic is encrypted, your proxy server also needs to support SSL interception. (See below for a list of proxy servers known to support both SSL interception and HTTP header insertion.)

    To prevent users from signing in to Google services using Google accounts other than those you explicitly specify:

    Route all traffic outbound to google.com through your web proxy server(s).
    Enable SSL interception on the proxy server.

    Since you will be intercepting SSL requests, you will probably want to manage client certificates on every device using the proxy, so that the user’s browser does not issue warnings for the requests.
    For each google.com request:

    a. Intercept the request.

    b. Add the HTTP header X-GoogApps-Allowed-Domains, whose value is a comma-separated list with allowed domain name(s). Include the domain you registered with Google Apps and any secondary domains you might have added.

    For example, to allow users to sign in using accounts ending @Altostrat.com and tenorstrat.com, create a header with the name X-GoogApps-Allowed-Domains and this value:
    altostrat.com, tenorstrat.com

  2. #17


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Indeed - that's the "other" way to do it. Still need an HTTPS intercepting filter though, and they are still not that common.

    We plan to support this way RSN.

  3. Thanks to tom_newton from:

    AngryTechnician (7th November 2011)

  4. #18

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,187
    Thank Post
    303
    Thanked 335 Times in 238 Posts
    Rep Power
    142
    Quote Originally Posted by irsprint84 View Post
    I cheated and put plus.google.com in dns to point to 127.0.0.1
    Please can someone explain in idiot steps how to do this (or point to a suitable tutorial)?

    Have a similar problem. In our case, the filter (Websense) is controlled by the LEA who aren't willing/able to alter things their end. We need https://google.com generally available for Google Apps, but want any searches blocked as they bypass the enforced strict search. The instructions here say to do this:

    To utilize the no SSL option for your network, configure the DNS entry for Google to be a CNAME for nosslsearch.google.com.
    but I don't have a clue on how to do it!

    My normal "cheat" way of blocking stuff (set it to "direct" rather than via the proxy) just doesn't seem to work

  5. #19

    Join Date
    Jun 2013
    Location
    india
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    There are lot of free proxies available ,but as per google docs we need to add a custom header to every google request ( X-GoogApps-Allowed-Domains) to block consumer account
    Block access to consumer accounts - Google Apps Help

    The best simple method is using one small proxy called burp suit download it from its free version is enough for doing this

    Download Burp Suite 1.5- Burp Suite is an integrated platform for performing security testing of web... - SPIDERSOFT - Download Free Softwares and drivers

    the detailed installation and configuration is found

    COMPUTECH » Block access to consumer gmail accounts but allow google apps

    in a small organisation its better to use and effective

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Microsoft live@edu Vs Google Apps for Education.
    By Sentro in forum Educational Software
    Replies: 94
    Last Post: 27th October 2011, 09:46 AM
  2. Replies: 17
    Last Post: 29th September 2011, 02:39 PM
  3. Why use live@edu or Google Apps for Education- discuss
    By SimpleSi in forum General Chat
    Replies: 24
    Last Post: 10th March 2011, 11:03 AM
  4. Google sites and apps for education info
    By edutech4schools in forum Virtual Learning Platforms
    Replies: 60
    Last Post: 17th December 2010, 02:35 PM
  5. Google Apps for Education - Single Sign-On
    By enjay in forum How do you do....it?
    Replies: 8
    Last Post: 9th December 2010, 07:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •