organisation uses the Google Apps suite quite heavily. We put so much load to them that they end up putting Captcha verifications on searches as per this doc: https://support.google.com/websearch/answer/86640?hl=en
A way to mitigate these things from happening in scenario’s where organisations may have all of their traffic exiting one or two public IP’s is to implement the X-Forwarded-For into the HTTP header. It means that the web server in question (eg Google) can differentiate between one client and the other.13 votesPlanned · AdminRich Baldry (Product Owner, Web Protection, Sophos Features & Ideas Laboratory) responded
We have implemented a back-end feature to add X-Forwarded-For headers to HTTP requests in version 4.2.0 of the Web Appliance. At present it must be enabled by Sophos support but we are considering adding it as a UI option in the future.
Note that this feature only works for non-secure HTTP so it may not help for the Google situation where the default is for traffic to use HTTPS. This is because with HTTPS, the headers are all part of the secured, encrypted communication within an SSL tunnel. There is no equivalent protocol that would work on SSL traffic.
Support for TLS 1.2 connections in Web Appliance.2 votesPlanned · AdminRich Baldry (Product Owner, Web Protection, Sophos Features & Ideas Laboratory) responded
We are planning to add this shortly after the release of version 4.1
If some one wants to allow only google drive and has also turned data leakage prevention web mail on to block gmail. They need to add google.com to the local site list and change the category to something which is allowed. This then breaks data leakage prevention. It would be nice to have an option which would allow or block google drive.1 votePlanned · AdminRich Baldry (Product Owner, Web Protection, Sophos Features & Ideas Laboratory) responded
I believe this issue should be improved with our Web App control coming in version 4.1
An audit log of all the actions and policy changes performed with the username, date and time.52 votes
This will not be ready in the timeframe previously outlined, but is very much in our plans.
- Don't see your idea?