Forum Discussion
Hi Peter
The easiest way would be to create a DataGroup (type: string), lets call it "sslo-bypass". Declare your domain name as a string with no value - then create TCP Service Chain Classifier with your "sslo-bypass" DataGroup set as a destination and Service Chain value set to "Bypass". While adding string records for "skype.com" to datagroup remember to add "skype.com" as well as ".skype.com!" for subdomains of skype.com (* will not work here).
You can use the same method to block certain domains just by setting SC value to Reject. The only problem with this case scenario is that what you get is just a tcp reset - so the user sees "Secure Connection Failed" instead of nicely looking "blocking page" telling him "Your request has been rejected by our security dept.".
Regards