Advanced Application Controls

Some web-based applications offer the option to allow users to access the site but not to perform activities such as uploading, downloading, posting, or sharing content on those sites.

Depending on the destinations you select in an internet access rule, you will see an Advanced Application Controls section.

This section appears only if destinations added to the rule include one or more applications that allow granular controls on activities. These applications must be included in application lists or application categories selected as destinations, or be individual applications selected from application categories.

Use these advanced controls if you want to allow access to the site but block certain actions. If you don't want to allow access to the site at all, select the application, Application List, or Application Category in the destination list for the rule.

Table of Contents

Applications with Advanced Controls

If apps have advanced app controls, you can block all content for the app, block the app from uploading content including posts and shares, block the app from downloading content, or block the app from deleting content.

Cloud Storage

Box Cloud StorageCloud StorageYesYesYesYes
DropboxCloud StorageYesYesYesYes
FlickrCloud StorageYes
File DropperCloud StorageYes
GrosFichiersCloud StorageYesYes
Google DriveCloud StorageYes
Leap FileCloud StorageYesYes
MediaFireCloud StorageYesYes
Microsoft OneDriveCloud StorageYes
OpenDriveCloud StorageYes
OnehubCloud StorageYes
PicDropCloud StorageYesYes
SendThisFileCloud StorageYesYes
SmugMugCloud StorageYesYesYes
SlideShareCloud StorageYesYesYes
4sharedCloud StorageYesYes


Cisco Webex TeamsCollaborationYes
Microsoft TeamsCollaborationYesYes
Gyazo TeamsCollaborationYes
WhatsAppCollaborationYesIf you upload a Whatsapp file that has already been previously uploaded, Secure Access does block the upload of the file. As a workaround, manually delete the existing version of the file from the Whatsapp servers.

Content Management

Egnyte ConnectContent ManagementYes
LucidchartContent ManagementYes
PastebinContent ManagementYes



Office Productivity

BasecampOffice ProductivityYes
DocHubOffice ProductivityYes
AOL MailOffice ProductivityYes
EvernoteOffice ProductivityYes
GmailOffice ProductivityYes
Only for Gmail
Mail.ruOffice ProductivityYes
Only for
SmartsheetOffice ProductivityYes
TrelloOffice ProductivityYes
Yandex MailOffice ProductivityYes
Yahoo MailOffice ProductivityYes


Citrix ShareFileP2PYes

Social Networking

FacebookSocial NetworkingYes
Facebook MessengerSocial NetworkingYes
InstagramSocial NetworkingYesYes
LinkedInSocial NetworkingYesYesYes
PinterestSocial NetworkingYesYes
Tik TokSocial NetworkingYesYes
TwitterSocial NetworkingYesYes



  1. In an internet access rule, add as destinations any application categories or applications from the table above, or a configured application list that includes any of the above applications or categories.
  2. The Advanced Application Controls option will appear:
  3. Click Edit.
  4. In the pane on the left, select the types of activities to block:
  5. (Optional) Filter the list in the main pane by clicking All categories and choosing a category.
  6. In the main pane, select the activities to block for each application in the list
  7. (Optional) If you filtered the list, choose a different category, then select the activities to block for that category.
    Repeat as needed for each category in the All categories list.
  8. Click Save.


If advanced application control is not working as expected, check the following:

  • Decryption must be enabled in the web profile selected in the rule.
  • The site must not be on the Do Not Decrypt list selected in the web profile.
  • The domain—for example,—is not configured for Bypass Web Proxy on the Connect > End User Connectivity> Internet Security page. Any domains or IPs on this list will bypass Secure Access and be routed by your local DNS server. This list applies to PAC file and AnyConnect deployments.
  • When an application is blocked, a web notification page will not be displayed. Instead, an error message will be displayed in the application.

Block Internet Access to Geographic Locations < Advanced Application Controls > Global Settings for Internet Access Rules