此頁面包含建議為其設定略過規則的網域和 CIDR 清單,以確保 SSL 檢查不會中斷與這些應用程式相關聯的流量。

由於大多數網際網路 Web 流量皆已加密,因此,需要將 SSL 流量解密,以套用進階安全性控制。為此,Cloud Web Security SSL 檢查功能依預設會將所有 SSL 流量解密。

SSL 檢查解決方案使用「中間人」技術,來解密可能中斷應用程式之特定類型通訊的流量。可能從「中間人」中斷的流量包括使用憑證關聯、相互 TLS (mTLS) 和 WebSocket 的流量。

為了確保 Cloud Web Security 服務不會中斷這些類型的流量,使用者可以設定 SSL 略過規則,以覆寫預設 SSL 檢查行為。Cloud Web Security 使用者仍可以使用 URL 篩選功能,來控制流向這些應用程式的流量。

提示: 若要設定 SSL 檢查略過規則,請參閱 設定安全性原則

目錄

  • 應用程式
    • Adobe
    • Apple
    • Cisco WebEx
    • Dropbox
    • Druva
    • GitHub
    • GoTo
    • Grammarly
    • Microsoft 365 (以前稱為 Office 365)
    • Microsoft Defender
    • Microsoft 作業系統
    • RingCentral
    • Salesforce
    • Slack
    • VMware Workspace ONE
    • Zoom
  • 建議的規則 (合併的應用程式清單)
    • 網域略過規則
    • CIDR 略過規則

應用程式

以下是應用程式及其相關聯的網域和 CIDR 區塊清單,已知會在套用 SSL 檢查時中斷它們。

Adobe

參考

類別:網域

項目數:13

sstats.adobe.com, acrobat.com, stats.adobe.com, fpdownload.adobe.com, newrelic.com, get3.adobe.com, echocdn.com, get.adobe.com, echosign.com, platformdl.adobe.com, dlmping2.adobe.com, dlmping3.adobe.com, bam.nr-data.net

Apple

參考

類別:網域

項目數:80

xp-cdn.apple.com, humb.apple.com, configuration.apple.com, mesu.apple.com, gdmf.apple.com, business.apple.com, iwork.apple.com, albert.apple.com, ess.apple.com, static.ips.apple.com, swscan.apple.com, certs.apple.com, appattest.apple.com, apple-cloudkit.com, swdist.apple.com, identity.apple.com, push.apple.com, api.apps.apple.com, ls.apple.com, iprofiles.apple.com, diagassets.apple.com, oscdn.apple.com, appleid.cdn-apple.com, swdownload.apple.com, vpp.itunes.apple.com, gs.apple.com, doh.dns.apple.com, valid.apple.com, idmsa.apple.com, axm-adm-mdm.apple.com, lcdn-registration.apple.com, cssubmissions.apple.com, school.apple.com, bpapi.apple.com, skl.apple.com, xp.apple.com, sq-device.apple.com, deviceenrollment.apple.com, mask.icloud.com, gnf-mr.apple.com, ocsp2.apple.com, apps.apple.com, mask-api.icloud.com, ig.apple.com, axm-adm-scep.apple.com, axm-adm-enroll.apple.com, fba.apple.com, smp-device-content.apple.com, swquery.apple.com, setup.icloud.com, icloud.apple.com, icloud-content.com, axm-app.apple.com, swcdn.apple.com, mzstatic.com, ppq.apple.com, gsa.apple.com, mask-h2.icloud.com, itunes.apple.com, gc.apple.com, serverstatus.apple.com, gsas.apple.com, apple-livephotoskit.com, gnf-mdn.apple.com, appleid.apple.com, gg.apple.com, updates.cdn-apple.com, lcdn-locator.apple.com, icloud.com.cn, mdmenrollment.apple.com, ns.itunes.apple.com, cdn-apple.com, apzones.com, tbsc.apple.com, icloud.com, osrecovery.apple.com, smoot.apple.com, captive.apple.com, deviceservices-external.apple.com, ws-ee-maidsvc.icloud.com

Dropbox

參考

類別:網域

項目數:4

cfl.dropboxstatic.com, dropboxusercontent.com, content.dropboxapi.com, dropbox.com

Druva

參考

類別:網域

項目數:1

druva.com

GitHub

參考

類別:網域

項目數:3

github.com, gist.githubusercontent.com, githubusercontent.com

GoTo

類別:網域

參考

項目數:75
internap.net, api.opentok.com, 123rescue.com, jointraining.com, hvoice.net, meet.goto.com, logmein.eu, fastsupport.com, gotomeeting.com, joinwebinar.com, helpme.net, jiveip.net, getgoservices.net, lastpass.eu, lmi-antivirus-live.azureedge.net, logmein-gateway.com, gotomeet.at, google-analytics.com, gotoassist.at, browse.logmeinusercontent.com, webinar.com, gotoassist.me, gotoroom.com, gotomeet.me, enterprise.opentok.com, lmi-appupdates-live.azureedge.net, jive.com, joingotomeeting.com, getgocdn.com, psyjs-cdn.personify.live, LogMeIn123.com, logmeinrescue.com, expertcity.com, anvil.opentok.com, gotostage.com, goto.com, googleapis.com, static.opentok.com, logmeinusercontent.com, dolbyvoice.com, join.me, getgoservices.com, gototraining.com, logmein.com, firebaseapp.com, accounts.logme.in, cdn.walkme.com, hamachi.cc, gotoconference.com, logmeininc.com, openvoice.com, psyjs-cdn.nuvixa.com, goto-desktop.s3.amazonaws.com, onjive.com, go2assist.me, firebaseio.com, gofastchat.com, tokbox.com, goto-rtc.com, logmeinrescue-enterprise.com, jmp.tw, internapcdn.net, gotowebinar.com, assist.com, gotomypc.com, support.me, lastpass.com, app.goto.com, getgo.com, rtcprov.net, gotoassist.com, cdngetgo.com, raas.io, google.com, logmeinrescue.eu

Grammarly (網域)

參考

類別:網域

項目數:2

grammarly.io, grammarly.com

Microsoft 365 (以前稱為 Office 365)

參考

類別:網域

項目數:43

companymanager.microsoftonline.com, login.microsoftonline.com, officeapps.live.com, becws.microsoftonline.com, passwordreset.microsoftonline.com, broadcast.skype.com, sharepoint.com, loginex.microsoftonline.com, lync.com, login.microsoftonline-p.com, msidentity.com, outlook.office.com, msftidentity.com, security.microsoft.com, login-us.microsoftonline.com, autologon.microsoftazuread-sso.com, logincert.microsoftonline.com, accounts.accesscontrol.windows.net, defender.microsoft.com, login.microsoft.com, clientconfig.microsoftonline-p.net, provisioningapi.microsoftonline.com, account.office.net, outlook.office365.com, compliance.microsoft.com, api.passwordreset.microsoftonline.com, protection.office.com, office.live.com, adminwebservice.microsoftonline.com, protection.outlook.com, auth.microsoft.com, skypeforbusiness.com, graph.microsoft.com, login.windows.net, online.office.com, nexus.microsoftonline-p.com, account.activedirectory.windowsazure.com, mail.protection.outlook.com, graph.windows.net, ccs.login.microsoftonline.com, device.login.microsoftonline.com, teams.microsoft.com, smtp.office365.com

Microsoft Defender

參考

類別:網域

項目數:53

ussus4eastprod.blob.core.windows.net, wsus2westprod.blob.core.windows.net, ussus4westprod.blob.core.windows.net, winatp-gw-neu.microsoft.com, automatedirstrprdeus3.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, automatedirstrprdcus3.blob.core.windows.net, automatedirstrprdeus.blob.core.windows.net, wsuk1westprod.blob.core.windows.net, usseu1northprod.blob.core.windows.net, ussuk1southprod.blob.core.windows.net, officecdn-microsoft-com.akamaized.net, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu.blob.core.windows.net, wdcp.microsoft.com, automatedirstrprdcus.blob.core.windows.net, europe.x.cp.wd.microsoft.com, ussus2eastprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, us-v20.events.data.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, wd.microsoft.com, winatp-gw-neu3.microsoft.com, winatp-gw-cus.microsoft.com, x.cp.wd.microsoft.com, winatp-gw-cus3.microsoft.com, wsus1westprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, wseu1northprod.blob.core.windows.net, ussus2westprod.blob.core.windows.net, wsuk1southprod.blob.core.windows.net, ussuk1westprod.blob.core.windows.net, automatedirstrprdweu.blob.core.windows.net, winatp-gw-eus.microsoft.com, packages.microsoft.com, unitedstates.x.cp.wd.microsoft.com, wsus1eastprod.blob.core.windows.net, winatp-gw-weu3.microsoft.com, automatedirstrprdweu3.blob.core.windows.net, automatedirstrprdukw.blob.core.windows.net, ussus1westprod.blob.core.windows.net, eu-v20.events.data.microsoft.com, ussus3westprod.blob.core.windows.net, uk-v20.events.data.microsoft.com, usseu1westprod.blob.core.windows.net, winatp-gw-uks.microsoft.com, ussus1eastprod.blob.core.windows.net, ussus3eastprod.blob.core.windows.net, cdn.x.cp.wd.microsoft.com, winatp-gw-weu.microsoft.com, winatp-gw-eus3.microsoft.com, winatp-gw-ukw.microsoft.com, events.data.microsoft.com

Microsoft 作業系統

參考

類別:網域

項目數:17

musicimage.xboxlive.com, dl.delivery.mp.microsoft.com, windowsupdate.com, store-images.microsoft.com, sls.microsoft.com, windowsupdate.microsoft.com, wustat.windows.com, prod.do.dsp.mp.microsoft.com, mp.microsoft.com, download.microsoft.com, cdn.microsoft.com, tsfe.trafficshaping.dsp.mp.microsoft.com, media-assetcatalog.microsoft.com, store-images.s-microsoft.com, mediadiscovery.microsoft.com, update.microsoft.com, ntservicepack.microsoft.com

RingCentral

參考

類別:CIDR

項目數:9

199.68.212.0/22, 192.209.24.0/21, 199.255.120.0/22, 80.81.128.0/20, 208.87.40.0/22, 104.245.56.0/21, 66.81.240.0/20, 185.23.248.0/22, 103.44.68.0/22

Salesforce

參考

類別:網域

項目數:5

content.force.com, salesforce.com, lightning.force.com, visual.force.com, documentforce.com

Slack

參考

類別:網域

項目數:4

wss-backup.slack.com, wss-mobile.slack.com, lb.slack-msgs.com, wss-primary.slack.com

VMware Workspace ONE

參考

類別:網域

SSL 固定和輸出 SSL 攔截 Proxy (2960709)

項目數:2

vidmpreview.com, awmdm.com

WebEx

參考

類別:網域

項目數:17

vbrickrev.com, webex.com, slido.com, lencr.org, accompany.com, godaddy.com, intel.com, sli.do, wbx2.com, webexcontent.com, appdynamics.com, identrust.com, digicert.com, data.logentries.com, quovadisglobal.com, eum-appdynamics.com, ciscospark.com

WebEx

類別:子網路

項目數:26

20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16

Zoom

參考

類別:網域

項目數:1

zoom.us

建議的規則 (合併的應用程式清單)

下列規則會合併上述每一個應用程式,可讓您輕鬆複製並貼到單一 Cloud Web Security SSL 檢查略過規則中。不過,如果使用者不希望將本文件涵蓋的每個應用程式全納入免除中,使用者可以使用上面提供的資訊,為特定應用程式建立個別的略過規則。

SSL 略過網域

項目數:320

automatedirstrprdweu3.blob.core.windows.net, oscdn.apple.com, goto-desktop.s3.amazonaws.com, gc.apple.com, logmeinrescue.com, broadcast.skype.com, meet.goto.com, visual.force.com, msftidentity.com, wsus2westprod.blob.core.windows.net, sq-device.apple.com, cdn-apple.com, identrust.com, content.force.com, gdmf.apple.com, mesu.apple.com, icloud.com, musicimage.xboxlive.com, tbsc.apple.com, osrecovery.apple.com, firebaseapp.com, jmp.tw, cssubmissions.apple.com, quovadisglobal.com, outlook.office.com, companymanager.microsoftonline.com, automatedirstrprdcus3.blob.core.windows.net, axm-app.apple.com, goto.com, lastpass.com, mzstatic.com, wss-primary.slack.com, lastpass.eu, druva.com, sharepoint.com, ocsp2.apple.com, automatedirstrprdneu.blob.core.windows.net, mask-api.icloud.com, hvoice.net, automatedirstrprdeus3.blob.core.windows.net, becws.microsoftonline.com, deviceenrollment.apple.com, appleid.apple.com, smtp.office365.com, github.com, serverstatus.apple.com, store-images.microsoft.com, lcdn-registration.apple.com, app.goto.com, browse.logmeinusercontent.com, login.microsoftonline-p.com, gnf-mr.apple.com, wsuk1southprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, online.office.com, lync.com, assist.com, smoot.apple.com, automatedirstrprdcus.blob.core.windows.net, dolbyvoice.com, eu-v20.events.data.microsoft.com, psyjs-cdn.personify.live, skl.apple.com, webexcontent.com, appattest.apple.com, captive.apple.com, sls.microsoft.com, icloud.com.cn, google.com, acrobat.com, enterprise.opentok.com, ussus3westprod.blob.core.windows.net, deviceservices-external.apple.com, bpapi.apple.com, content.dropboxapi.com, getgocdn.com, ussus4eastprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, mask-h2.icloud.com, logmein.com, iprofiles.apple.com, logmeininc.com, usseu1westprod.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, graph.microsoft.com, winatp-gw-eus.microsoft.com, vpp.itunes.apple.com, grammarly.com, dlmping3.adobe.com, accounts.logme.in, api.passwordreset.microsoftonline.com, swquery.apple.com, wbx2.com, vidmpreview.com, ussuk1westprod.blob.core.windows.net, lmi-antivirus-live.azureedge.net, gist.githubusercontent.com, cfl.dropboxstatic.com, dlmping2.adobe.com, fpdownload.adobe.com, lightning.force.com, xp-cdn.apple.com, adminwebservice.microsoftonline.com, gg.apple.com, office.live.com, mask.icloud.com, ccs.login.microsoftonline.com, iwork.apple.com, outlook.office365.com, wsus1westprod.blob.core.windows.net, tsfe.trafficshaping.dsp.mp.microsoft.com, vbrickrev.com, events.data.microsoft.com, europe.x.cp.wd.microsoft.com, webinar.com, itunes.apple.com, logmeinrescue-enterprise.com, jiveip.net, ls.apple.com, apple-cloudkit.com, ntservicepack.microsoft.com, xp.apple.com, gotoassist.me, getgoservices.net, diagassets.apple.com, security.microsoft.com, automatedirstrprdeus.blob.core.windows.net, clientconfig.microsoftonline-p.net, media-assetcatalog.microsoft.com, newrelic.com, gofastchat.com, officecdn-microsoft-com.akamaized.net, logincert.microsoftonline.com, usseu1northprod.blob.core.windows.net, gotomypc.com, winatp-gw-eus3.microsoft.com, wustat.windows.com, dropbox.com, wss-mobile.slack.com, loginex.microsoftonline.com, ussus2eastprod.blob.core.windows.net, gotomeet.me, onjive.com, data.logentries.com, wd.microsoft.com, logmeinrescue.eu, idmsa.apple.com, ussus2westprod.blob.core.windows.net, ussus1westprod.blob.core.windows.net, x.cp.wd.microsoft.com, winatp-gw-ukw.microsoft.com, wseu1northprod.blob.core.windows.net, gotowebinar.com, download.microsoft.com, intel.com, uk-v20.events.data.microsoft.com, unitedstates.x.cp.wd.microsoft.com, digicert.com, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, getgoservices.com, echocdn.com, awmdm.com, internapcdn.net, gnf-mdn.apple.com, ciscospark.com, protection.office.com, rtcprov.net, lmi-appupdates-live.azureedge.net, echosign.com, expertcity.com, login.microsoft.com, gotoassist.com, us-v20.events.data.microsoft.com, albert.apple.com, gotoroom.com, winatp-gw-cus.microsoft.com, lencr.org, officeapps.live.com, gs.apple.com, tokbox.com, ig.apple.com, ws-ee-maidsvc.icloud.com, gotoconference.com, winatp-gw-neu.microsoft.com, githubusercontent.com, gotoassist.at, automatedirstrprdukw.blob.core.windows.net, hamachi.cc, push.apple.com, winatp-gw-neu3.microsoft.com, logmeinusercontent.com, api.opentok.com, school.apple.com, grammarly.io, support.me, teams.microsoft.com, salesforce.com, swdist.apple.com, joinwebinar.com, certs.apple.com, swcdn.apple.com, wsuk1westprod.blob.core.windows.net, google-analytics.com, gsa.apple.com, axm-adm-enroll.apple.com, passwordreset.microsoftonline.com, eum-appdynamics.com, smp-device-content.apple.com, apps.apple.com, windowsupdate.microsoft.com, gotomeeting.com, ppq.apple.com, login-us.microsoftonline.com, windowsupdate.com, account.activedirectory.windowsazure.com, ussus4westprod.blob.core.windows.net, compliance.microsoft.com, firebaseio.com, graph.windows.net, identity.apple.com, logmein.eu, go2assist.me, icloud.apple.com, cdn.x.cp.wd.microsoft.com, mediadiscovery.microsoft.com, ussus1eastprod.blob.core.windows.net, 123rescue.com, ns.itunes.apple.com, ussus3eastprod.blob.core.windows.net, swscan.apple.com, provisioningapi.microsoftonline.com, jointraining.com, valid.apple.com, sli.do, mp.microsoft.com, nexus.microsoftonline-p.com, swdownload.apple.com, setup.icloud.com, device.login.microsoftonline.com, doh.dns.apple.com, automatedirstrprdweu.blob.core.windows.net, lcdn-locator.apple.com, static.opentok.com, get3.adobe.com, fastsupport.com, joingotomeeting.com, helpme.net, bam.nr-data.net, updates.cdn-apple.com, gotostage.com, business.apple.com, lb.slack-msgs.com, gototraining.com, join.me, winatp-gw-cus3.microsoft.com, appleid.cdn-apple.com, ussuk1southprod.blob.core.windows.net, protection.outlook.com, winatp-gw-uks.microsoft.com, sstats.adobe.com, logmein-gateway.com, wss-backup.slack.com, platformdl.adobe.com, apzones.com, axm-adm-scep.apple.com, fba.apple.com, prod.do.dsp.mp.microsoft.com, wdcp.microsoft.com, cdn.microsoft.com, winatp-gw-weu.microsoft.com, static.ips.apple.com, gsas.apple.com, get.adobe.com, LogMeIn123.com, mail.protection.outlook.com, accounts.accesscontrol.windows.net, openvoice.com, dl.delivery.mp.microsoft.com, mdmenrollment.apple.com, msidentity.com, cdngetgo.com, accompany.com, skypeforbusiness.com, api.apps.apple.com, googleapis.com, ess.apple.com, auth.microsoft.com, getgo.com, login.microsoftonline.com, goto-rtc.com, anvil.opentok.com, jive.com, documentforce.com, axm-adm-mdm.apple.com, internap.net, slido.com, cdn.walkme.com, configuration.apple.com, psyjs-cdn.nuvixa.com, winatp-gw-weu3.microsoft.com, account.office.net, humb.apple.com, godaddy.com, update.microsoft.com, dropboxusercontent.com, webex.com, store-images.s-microsoft.com, stats.adobe.com, apple-livephotoskit.com, zoom.us, appdynamics.com, login.windows.net, autologon.microsoftazuread-sso.com, wsus1eastprod.blob.core.windows.net, gotomeet.at, icloud-content.com, packages.microsoft.com, defender.microsoft.com, raas.io

SSL 略過 CIDR

104.245.56.0/21, 185.23.248.0/22, 80.81.128.0/20, 199.255.120.0/22, 192.209.24.0/21, 199.68.212.0/22, 103.44.68.0/22, 66.81.240.0/20, 208.87.40.0/22, 20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16