This page contains lists of domains and CIDRs for which configuring a bypass rule is recommended to ensure SSL Inspection does not break traffic associated with these applications.
This list of domains and CIDRs are also part of the SSL Quick Exception List, which can be easily toggled on/off when configuring SSL Bypass in Cloud Web Security.
With most Internet Web traffic encrypted, it is necessary to decrypt SSL traffic to apply advanced security controls. By default, Cloud Web Security SSL Inspection decrypts all SSL traffic for this reason.
SSL Inspection solutions use a "man-in-the-middle" technique to decrypt traffic that can disrupt specific types of communications by applications. Traffic that can break from a "man-in-the-middle" includes those that use certificate pinning, mutual TLS (mTLS), and WebSocket.
To ensure the Cloud Web Security service does not break these types of traffic, users can configure SSL Bypass rule(s) that override the default SSL Inspection behavior. Cloud Web Security users can still control traffic to these applications using the URL Filtering feature.
Table of Contents
- Applications
- Adobe
- Apple
- Cisco WebEx
- Dropbox
- Druva
- GitHub
- GoTo
- Grammarly
- Microsoft 365 (Formerly Office 365)
- Microsoft Defender
- Microsoft Operating Systems
- RingCentral
- Salesforce
- Slack
- VMware Workspace ONE
- Zoom
- Recommended Rules (Consolidated Applications Lists)
- Domains Bypass Rules
- CIDRs Bypass Rules
Applications
Below is a list of applications and their associated domains and CIDR blocks that are known to break when SSL Inspection is applied.
Adobe
Category: Domains
Entries: 13
sstats.adobe.com, acrobat.com, stats.adobe.com, fpdownload.adobe.com, newrelic.com, get3.adobe.com, echocdn.com, get.adobe.com, echosign.com, platformdl.adobe.com, dlmping2.adobe.com, dlmping3.adobe.com, bam.nr-data.net
Apple
Category: Domains
Entries: 80
xp-cdn.apple.com, humb.apple.com, configuration.apple.com, mesu.apple.com, gdmf.apple.com, business.apple.com, iwork.apple.com, albert.apple.com, ess.apple.com, static.ips.apple.com, swscan.apple.com, certs.apple.com, appattest.apple.com, apple-cloudkit.com, swdist.apple.com, identity.apple.com, push.apple.com, api.apps.apple.com, ls.apple.com, iprofiles.apple.com, diagassets.apple.com, oscdn.apple.com, appleid.cdn-apple.com, swdownload.apple.com, vpp.itunes.apple.com, gs.apple.com, doh.dns.apple.com, valid.apple.com, idmsa.apple.com, axm-adm-mdm.apple.com, lcdn-registration.apple.com, cssubmissions.apple.com, school.apple.com, bpapi.apple.com, skl.apple.com, xp.apple.com, sq-device.apple.com, deviceenrollment.apple.com, mask.icloud.com, gnf-mr.apple.com, ocsp2.apple.com, apps.apple.com, mask-api.icloud.com, ig.apple.com, axm-adm-scep.apple.com, axm-adm-enroll.apple.com, fba.apple.com, smp-device-content.apple.com, swquery.apple.com, setup.icloud.com, icloud.apple.com, icloud-content.com, axm-app.apple.com, swcdn.apple.com, mzstatic.com, ppq.apple.com, gsa.apple.com, mask-h2.icloud.com, itunes.apple.com, gc.apple.com, serverstatus.apple.com, gsas.apple.com, apple-livephotoskit.com, gnf-mdn.apple.com, appleid.apple.com, gg.apple.com, updates.cdn-apple.com, lcdn-locator.apple.com, icloud.com.cn, mdmenrollment.apple.com, ns.itunes.apple.com, cdn-apple.com, apzones.com, tbsc.apple.com, icloud.com, osrecovery.apple.com, smoot.apple.com, captive.apple.com, deviceservices-external.apple.com, ws-ee-maidsvc.icloud.com
Dropbox
Category: Domains
Entries: 4
cfl.dropboxstatic.com, dropboxusercontent.com, content.dropboxapi.com, dropbox.com
Druva
Category: Domains
Entries: 1
druva.com
GitHub
Category: Domains
Entries: 3
github.com, gist.githubusercontent.com, githubusercontent.com
GoTo
Category: Domains
internap.net, api.opentok.com, 123rescue.com, jointraining.com, hvoice.net, meet.goto.com, logmein.eu, fastsupport.com, gotomeeting.com, joinwebinar.com, helpme.net, jiveip.net, getgoservices.net, lastpass.eu, lmi-antivirus-live.azureedge.net, logmein-gateway.com, gotomeet.at, google-analytics.com, gotoassist.at, browse.logmeinusercontent.com, webinar.com, gotoassist.me, gotoroom.com, gotomeet.me, enterprise.opentok.com, lmi-appupdates-live.azureedge.net, jive.com, joingotomeeting.com, getgocdn.com, psyjs-cdn.personify.live, LogMeIn123.com, logmeinrescue.com, expertcity.com, anvil.opentok.com, gotostage.com, goto.com, googleapis.com, static.opentok.com, logmeinusercontent.com, dolbyvoice.com, join.me, getgoservices.com, gototraining.com, logmein.com, firebaseapp.com, accounts.logme.in, cdn.walkme.com, hamachi.cc, gotoconference.com, logmeininc.com, openvoice.com, psyjs-cdn.nuvixa.com, goto-desktop.s3.amazonaws.com, onjive.com, go2assist.me, firebaseio.com, gofastchat.com, tokbox.com, goto-rtc.com, logmeinrescue-enterprise.com, jmp.tw, internapcdn.net, gotowebinar.com, assist.com, gotomypc.com, support.me, lastpass.com, app.goto.com, getgo.com, rtcprov.net, gotoassist.com, cdngetgo.com, raas.io, google.com, logmeinrescue.eu
Grammarly (Domains)
Category: Domains
Entries: 2
grammarly.io, grammarly.com
Microsoft 365 (Formerly Office 365)
Category: Domains
Entries: 43
companymanager.microsoftonline.com, login.microsoftonline.com, officeapps.live.com, becws.microsoftonline.com, passwordreset.microsoftonline.com, broadcast.skype.com, sharepoint.com, loginex.microsoftonline.com, lync.com, login.microsoftonline-p.com, msidentity.com, outlook.office.com, msftidentity.com, security.microsoft.com, login-us.microsoftonline.com, autologon.microsoftazuread-sso.com, logincert.microsoftonline.com, accounts.accesscontrol.windows.net, defender.microsoft.com, login.microsoft.com, clientconfig.microsoftonline-p.net, provisioningapi.microsoftonline.com, account.office.net, outlook.office365.com, compliance.microsoft.com, api.passwordreset.microsoftonline.com, protection.office.com, office.live.com, adminwebservice.microsoftonline.com, protection.outlook.com, auth.microsoft.com, skypeforbusiness.com, graph.microsoft.com, login.windows.net, online.office.com, nexus.microsoftonline-p.com, account.activedirectory.windowsazure.com, mail.protection.outlook.com, graph.windows.net, ccs.login.microsoftonline.com, device.login.microsoftonline.com, teams.microsoft.com, smtp.office365.com
Microsoft Defender
Category: Domains
Entries: 53
ussus4eastprod.blob.core.windows.net, wsus2westprod.blob.core.windows.net, ussus4westprod.blob.core.windows.net, winatp-gw-neu.microsoft.com, automatedirstrprdeus3.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, automatedirstrprdcus3.blob.core.windows.net, automatedirstrprdeus.blob.core.windows.net, wsuk1westprod.blob.core.windows.net, usseu1northprod.blob.core.windows.net, ussuk1southprod.blob.core.windows.net, officecdn-microsoft-com.akamaized.net, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu.blob.core.windows.net, wdcp.microsoft.com, automatedirstrprdcus.blob.core.windows.net, europe.x.cp.wd.microsoft.com, ussus2eastprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, us-v20.events.data.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, wd.microsoft.com, winatp-gw-neu3.microsoft.com, winatp-gw-cus.microsoft.com, x.cp.wd.microsoft.com, winatp-gw-cus3.microsoft.com, wsus1westprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, wseu1northprod.blob.core.windows.net, ussus2westprod.blob.core.windows.net, wsuk1southprod.blob.core.windows.net, ussuk1westprod.blob.core.windows.net, automatedirstrprdweu.blob.core.windows.net, winatp-gw-eus.microsoft.com, packages.microsoft.com, unitedstates.x.cp.wd.microsoft.com, wsus1eastprod.blob.core.windows.net, winatp-gw-weu3.microsoft.com, automatedirstrprdweu3.blob.core.windows.net, automatedirstrprdukw.blob.core.windows.net, ussus1westprod.blob.core.windows.net, eu-v20.events.data.microsoft.com, ussus3westprod.blob.core.windows.net, uk-v20.events.data.microsoft.com, usseu1westprod.blob.core.windows.net, winatp-gw-uks.microsoft.com, ussus1eastprod.blob.core.windows.net, ussus3eastprod.blob.core.windows.net, cdn.x.cp.wd.microsoft.com, winatp-gw-weu.microsoft.com, winatp-gw-eus3.microsoft.com, winatp-gw-ukw.microsoft.com, events.data.microsoft.com
Microsoft Operating Systems
Category: Domains
Entries: 17
musicimage.xboxlive.com, dl.delivery.mp.microsoft.com, windowsupdate.com, store-images.microsoft.com, sls.microsoft.com, windowsupdate.microsoft.com, wustat.windows.com, prod.do.dsp.mp.microsoft.com, mp.microsoft.com, download.microsoft.com, cdn.microsoft.com, tsfe.trafficshaping.dsp.mp.microsoft.com, media-assetcatalog.microsoft.com, store-images.s-microsoft.com, mediadiscovery.microsoft.com, update.microsoft.com, ntservicepack.microsoft.com
RingCentral
Category: CIDRs
Entries: 9
199.68.212.0/22, 192.209.24.0/21, 199.255.120.0/22, 80.81.128.0/20, 208.87.40.0/22, 104.245.56.0/21, 66.81.240.0/20, 185.23.248.0/22, 103.44.68.0/22
Salesforce
Category: Domains
Entries: 5
content.force.com, salesforce.com, lightning.force.com, visual.force.com, documentforce.com
Slack
Category: Domains
Entries: 4
wss-backup.slack.com, wss-mobile.slack.com, lb.slack-msgs.com, wss-primary.slack.com
VMware Workspace ONE
Category: Domains
SSL Pinning and Outbound SSL Interception Proxies (2960709)
Entries: 2
vidmpreview.com, awmdm.com
WebEx
Category: Domains
Entries: 17
vbrickrev.com, webex.com, slido.com, lencr.org, accompany.com, godaddy.com, intel.com, sli.do, wbx2.com, webexcontent.com, appdynamics.com, identrust.com, digicert.com, data.logentries.com, quovadisglobal.com, eum-appdynamics.com, ciscospark.com
WebEx
Categoty: Subnets
Entries: 26
20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16
Zoom
Category: Domains
Entries: 1
zoom.us
Recommended Rules (Consolidated Applications Lists)
The rules below consolidate every application listed above and can be easily copied and pasted into a single Cloud Web Security SSL Inspection bypass rule. However, should users prefer to not include an exemption for every application covered in this document, users can create individual bypass rule(s) for specific application(s) using the information provided above.
SSL Bypass Domains
Entries: 320
automatedirstrprdweu3.blob.core.windows.net, oscdn.apple.com, goto-desktop.s3.amazonaws.com, gc.apple.com, logmeinrescue.com, broadcast.skype.com, meet.goto.com, visual.force.com, msftidentity.com, wsus2westprod.blob.core.windows.net, sq-device.apple.com, cdn-apple.com, identrust.com, content.force.com, gdmf.apple.com, mesu.apple.com, icloud.com, musicimage.xboxlive.com, tbsc.apple.com, osrecovery.apple.com, firebaseapp.com, jmp.tw, cssubmissions.apple.com, quovadisglobal.com, outlook.office.com, companymanager.microsoftonline.com, automatedirstrprdcus3.blob.core.windows.net, axm-app.apple.com, goto.com, lastpass.com, mzstatic.com, wss-primary.slack.com, lastpass.eu, druva.com, sharepoint.com, ocsp2.apple.com, automatedirstrprdneu.blob.core.windows.net, mask-api.icloud.com, hvoice.net, automatedirstrprdeus3.blob.core.windows.net, becws.microsoftonline.com, deviceenrollment.apple.com, appleid.apple.com, smtp.office365.com, github.com, serverstatus.apple.com, store-images.microsoft.com, lcdn-registration.apple.com, app.goto.com, browse.logmeinusercontent.com, login.microsoftonline-p.com, gnf-mr.apple.com, wsuk1southprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, online.office.com, lync.com, assist.com, smoot.apple.com, automatedirstrprdcus.blob.core.windows.net, dolbyvoice.com, eu-v20.events.data.microsoft.com, psyjs-cdn.personify.live, skl.apple.com, webexcontent.com, appattest.apple.com, captive.apple.com, sls.microsoft.com, icloud.com.cn, google.com, acrobat.com, enterprise.opentok.com, ussus3westprod.blob.core.windows.net, deviceservices-external.apple.com, bpapi.apple.com, content.dropboxapi.com, getgocdn.com, ussus4eastprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, mask-h2.icloud.com, logmein.com, iprofiles.apple.com, logmeininc.com, usseu1westprod.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, graph.microsoft.com, winatp-gw-eus.microsoft.com, vpp.itunes.apple.com, grammarly.com, dlmping3.adobe.com, accounts.logme.in, api.passwordreset.microsoftonline.com, swquery.apple.com, wbx2.com, vidmpreview.com, ussuk1westprod.blob.core.windows.net, lmi-antivirus-live.azureedge.net, gist.githubusercontent.com, cfl.dropboxstatic.com, dlmping2.adobe.com, fpdownload.adobe.com, lightning.force.com, xp-cdn.apple.com, adminwebservice.microsoftonline.com, gg.apple.com, office.live.com, mask.icloud.com, ccs.login.microsoftonline.com, iwork.apple.com, outlook.office365.com, wsus1westprod.blob.core.windows.net, tsfe.trafficshaping.dsp.mp.microsoft.com, vbrickrev.com, events.data.microsoft.com, europe.x.cp.wd.microsoft.com, webinar.com, itunes.apple.com, logmeinrescue-enterprise.com, jiveip.net, ls.apple.com, apple-cloudkit.com, ntservicepack.microsoft.com, xp.apple.com, gotoassist.me, getgoservices.net, diagassets.apple.com, security.microsoft.com, automatedirstrprdeus.blob.core.windows.net, clientconfig.microsoftonline-p.net, media-assetcatalog.microsoft.com, newrelic.com, gofastchat.com, officecdn-microsoft-com.akamaized.net, logincert.microsoftonline.com, usseu1northprod.blob.core.windows.net, gotomypc.com, winatp-gw-eus3.microsoft.com, wustat.windows.com, dropbox.com, wss-mobile.slack.com, loginex.microsoftonline.com, ussus2eastprod.blob.core.windows.net, gotomeet.me, onjive.com, data.logentries.com, wd.microsoft.com, logmeinrescue.eu, idmsa.apple.com, ussus2westprod.blob.core.windows.net, ussus1westprod.blob.core.windows.net, x.cp.wd.microsoft.com, winatp-gw-ukw.microsoft.com, wseu1northprod.blob.core.windows.net, gotowebinar.com, download.microsoft.com, intel.com, uk-v20.events.data.microsoft.com, unitedstates.x.cp.wd.microsoft.com, digicert.com, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, getgoservices.com, echocdn.com, awmdm.com, internapcdn.net, gnf-mdn.apple.com, ciscospark.com, protection.office.com, rtcprov.net, lmi-appupdates-live.azureedge.net, echosign.com, expertcity.com, login.microsoft.com, gotoassist.com, us-v20.events.data.microsoft.com, albert.apple.com, gotoroom.com, winatp-gw-cus.microsoft.com, lencr.org, officeapps.live.com, gs.apple.com, tokbox.com, ig.apple.com, ws-ee-maidsvc.icloud.com, gotoconference.com, winatp-gw-neu.microsoft.com, githubusercontent.com, gotoassist.at, automatedirstrprdukw.blob.core.windows.net, hamachi.cc, push.apple.com, winatp-gw-neu3.microsoft.com, logmeinusercontent.com, api.opentok.com, school.apple.com, grammarly.io, support.me, teams.microsoft.com, salesforce.com, swdist.apple.com, joinwebinar.com, certs.apple.com, swcdn.apple.com, wsuk1westprod.blob.core.windows.net, google-analytics.com, gsa.apple.com, axm-adm-enroll.apple.com, passwordreset.microsoftonline.com, eum-appdynamics.com, smp-device-content.apple.com, apps.apple.com, windowsupdate.microsoft.com, gotomeeting.com, ppq.apple.com, login-us.microsoftonline.com, windowsupdate.com, account.activedirectory.windowsazure.com, ussus4westprod.blob.core.windows.net, compliance.microsoft.com, firebaseio.com, graph.windows.net, identity.apple.com, logmein.eu, go2assist.me, icloud.apple.com, cdn.x.cp.wd.microsoft.com, mediadiscovery.microsoft.com, ussus1eastprod.blob.core.windows.net, 123rescue.com, ns.itunes.apple.com, ussus3eastprod.blob.core.windows.net, swscan.apple.com, provisioningapi.microsoftonline.com, jointraining.com, valid.apple.com, sli.do, mp.microsoft.com, nexus.microsoftonline-p.com, swdownload.apple.com, setup.icloud.com, device.login.microsoftonline.com, doh.dns.apple.com, automatedirstrprdweu.blob.core.windows.net, lcdn-locator.apple.com, static.opentok.com, get3.adobe.com, fastsupport.com, joingotomeeting.com, helpme.net, bam.nr-data.net, updates.cdn-apple.com, gotostage.com, business.apple.com, lb.slack-msgs.com, gototraining.com, join.me, winatp-gw-cus3.microsoft.com, appleid.cdn-apple.com, ussuk1southprod.blob.core.windows.net, protection.outlook.com, winatp-gw-uks.microsoft.com, sstats.adobe.com, logmein-gateway.com, wss-backup.slack.com, platformdl.adobe.com, apzones.com, axm-adm-scep.apple.com, fba.apple.com, prod.do.dsp.mp.microsoft.com, wdcp.microsoft.com, cdn.microsoft.com, winatp-gw-weu.microsoft.com, static.ips.apple.com, gsas.apple.com, get.adobe.com, LogMeIn123.com, mail.protection.outlook.com, accounts.accesscontrol.windows.net, openvoice.com, dl.delivery.mp.microsoft.com, mdmenrollment.apple.com, msidentity.com, cdngetgo.com, accompany.com, skypeforbusiness.com, api.apps.apple.com, googleapis.com, ess.apple.com, auth.microsoft.com, getgo.com, login.microsoftonline.com, goto-rtc.com, anvil.opentok.com, jive.com, documentforce.com, axm-adm-mdm.apple.com, internap.net, slido.com, cdn.walkme.com, configuration.apple.com, psyjs-cdn.nuvixa.com, winatp-gw-weu3.microsoft.com, account.office.net, humb.apple.com, godaddy.com, update.microsoft.com, dropboxusercontent.com, webex.com, store-images.s-microsoft.com, stats.adobe.com, apple-livephotoskit.com, zoom.us, appdynamics.com, login.windows.net, autologon.microsoftazuread-sso.com, wsus1eastprod.blob.core.windows.net, gotomeet.at, icloud-content.com, packages.microsoft.com, defender.microsoft.com, raas.io
SSL Bypass CIDRs
104.245.56.0/21, 185.23.248.0/22, 80.81.128.0/20, 199.255.120.0/22, 192.209.24.0/21, 199.68.212.0/22, 103.44.68.0/22, 66.81.240.0/20, 208.87.40.0/22, 20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16