Issue

The following CASB rule has been configured to block users from accessing 'My Drive' in Google Drive. It is matched based on the 'Full Path URL' containing 'my-drive'.

However, the block to 'My Drive' was intermittent. Despite this rule, some users were blocked successfully, while others could still connect to 'My Drive' in Google Drive.

Environment

TLS inspection enabled

Troubleshooting

• When users accessed the URL directly - https://drive.google.com/drive/my-drive, the traffic was matched and blocked successfully by the CASB rule. 
• However, if the user first visits the Google Drive homepage (https://drive.google.com/drive/home) and clicks "My Drive" in the left navigation pane, the page loads with a randomly generated URL. Even though the screenshot below shows https://drive.google.com/drive/my-drive in the address bar, the HAR data reveals that no corresponding network request is made for the updated URL path. 
  
• This shows that the app relies on client-side routing. The browser does not send a new request for /drive/my-drive. Instead, JavaScript intercepts the action and updates the page content accordingly.
• As a result, the traffic fails to match the configured CASB rule, and the connection is not blocked. 

Solution 

This technical limitation can only be resolved by Google changing how it loads its pages. A potential workaround would be to configure the rule to block based on Download, Upload, or View instead of blocking based on Full Path URL.