Allow Specific Slack Workspace

Currently at the time of writing this article, Zscaler only supports tenant restrictions for O365 and allowed domains for G-Suite.

If you’re looking to allow access to a specific Slack workspace and block access for anything else, you will need the following:

  • SSL Inspection must be enabled (Zscaler App for road warriors or location based)
  • Create Custom URL Category
  • Create URL Filtering policy Rule Order # 1 to ALLOW Custom URL Category which contains the Slack workspace and supporting URLs you’re wanting to ALLOW
  • Create URL Filtering policy Rule Order # 2 to BLOCK Custom URL Category which contains wildcard for .slack.com

Below is a short video summarizing the steps above:

Step 1 (assuming SSL inspection is already enabled)

Create a Custom URL Category with the following URLs; being sure to replace both containing Zscaler with the name of the workspace you’re wanting to ALLOW:

List of URLs to ALLOW

a.slack-imgs.com
api.slack.com
app.slack.com
b.slack-imgs.com
edgeapi.slack.com
files.slack.com
go.slack.com
join.slack.com
my.slack.com
slack-core.com
slack-edge.com
slack-files.com
slack-imgs.com
slack-msgs.com
slack-redir.net
slack.com/
slackb.com
wss-backup.slack.com
wss-mobile.slack.com
wss-primary.slack.com
www.slack.com
zscaler.slack.com

Step 2

Create a Custom URL Category with the wildcard entry for .slack.com that will BLOCK everything else.

List of URL wildcard to BLOCK

.slack.com (be sure to include the leading period)

Step 3

Create URL Filtering Policy in Rule Order # 1 to ALLOW the custom URL category created in Step 1

Step 4

Create URL Filtering Policy in Rule Order # 2 to BLOCK the custom URL category created in Step 2

Troubleshooting

Slack Reference

4 Likes