Unfortunately CSA does not support using URLs with the names, however you can do a rule that puts your browser in an application class when it tries to reach your intranet on it's ip address on say port 80/443, to further ensure this will only happen when you are on your internal network, you could make the rule dependant on something like MC Reachable and Internal Corporate DNS Suffix state, then create a file access rule for that application class that blocks .pdf writes.
Here is your problem, once you create a class and put the radio button, when dynamically created, you have created a dynamic application class, this means that you have to create another rule that triggers putting your browser into that class, when the application tries to reach some ip addresses on say port 80/443, so what you do is, you create a network access rule, change action to add process to application class, choose your newly created application class name, and then select when csa should put the browser into that class.
If you actually accomplished this using CSA, then you would prevent the user from being able to read the PDFs at all. If you open a PDF in a browser, it still has to be cached to the drive before its viewed.
Your best defense in this case is not CSA, but a combination of NTFS permissions and IP restrictions on the Intranet server.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :