How to prevent non-enterprise users from accessing ChatGPT

Created On 11/26/25 00:30 AM - Last Modified 05/01/26 02:05 AM


Objective


  • Insert the ChatGPT-Allowed-Workspace-Id header for all traffic destined for ChatGPT enterprise domains.
  • Block all traffic to the anonymous ChatGPT endpoint (backend-anon), preventing non-enterprise access.
  • Ensure SSL decryption, URL filtering, and header insertion profiles operate together correctly.
  • Achieve a working enterprise sign-in to ChatGPT while blocking non-enterprise usage.


Environment


  • Prisma Access
  • SSL Decryption
  • Security Policy
  • URL Filtering Profile
  • HTTP Header Insertion Profile
  • Custom URL Categories


Procedure


Disable the QUIC protocol before following this procedure. If a browser connects to ChatGPT over QUIC, which is UDP based, the traffic is not handled by the TCP-based SSL decryption and the procedure fails.

1. Create Custom URL Categories

A. URL-chatgpt.com (Allowed / Enterprise Category)

Used for matching enterprise-allowed URLs in the security policy and URL filtering profile.
Entries:

  • chatgpt.com
  • chatgpt.com/
  • chatgpt.com/*

B. URL-ChatGPT-NonEnterprise (Blocked Category)

Used to block the anonymous access endpoint.
Entries:

  • chatgpt.com/backend-anon
  • chatgpt.com/backend-anon/
  • chatgpt.com/backend-anon/*

2. Configure the HTTP Header Insertion Profile

  • Header name: ChatGPT-Allowed-Workspace-Id
  • Value: Enterprise workspace ID from the ChatGPT Admin Console.
  • Domain entries (no wildcards used):
    • chatgpt.com

This profile will insert the enterprise ID header into decrypted HTTPS traffic matching the above domain.

3. Configure SSL Decryption

  1. Enable SSL forward-proxy decryption for ChatGPT traffic.
  2. Apply a decryption rule matching URL-chatgpt.com.
  3. In the decryption profile, enable:
    • Strip ALPN
      This setting is essential: once it was enabled, header insertion began working.

Verification: Visiting https://chatgpt.com should display the organization's signing certificate.

4. Create the URL Filtering Profile

Configure the profile as follows:

  • Alert: Custom category URL-chatgpt.com
    (Important: if this category is not set to Alert, header insertion will not work, even if the security policy matches the traffic.)
  • Block: Custom category URL-ChatGPT-NonEnterprise

Note:
Even though backend-anon is blocked, no browser block page appeared during testing; this appears to be normal behavior. The logs show the block events, and when a user signs in to an enterprise account, ChatGPT itself displays a block page.

5. Build a Security Profile Group

Combine:

  • URL Filtering profile created in step 4
  • HTTP header insertion profile
  • Any additional profiles (AV, WildFire, Threat, DLP, etc.)

6. Apply a Security Policy

Match:

  • Any application
  • Any service
  • Custom URL category: URL-chatgpt.com

Apply:

  • The security profile group created above

This policy ensures all enterprise ChatGPT traffic is decrypted, evaluated, and receives the inserted header.
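The following is an added example, not part of the knowledgebase article: a small offline model of how the two custom URL categories, the URL filtering profile actions, and the header insertion profile from this procedure combine for a given request. The category matching and the rule that the most severe action wins when several categories match are simplified assumptions, not the exact PAN-OS matching engine, so use it to reason about the policy, not as a substitute for checking the logs.

```python
# Added example (not from the article): offline model of the ChatGPT policy
# built in steps 1, 2 and 4. Matching semantics below are a simplification
# (assumption), not PAN-OS's real URL category engine.
from urllib.parse import urlsplit

# Custom URL category entries, copied from step 1 of the article.
CATEGORIES = {
    "URL-chatgpt.com": ["chatgpt.com", "chatgpt.com/", "chatgpt.com/*"],
    "URL-ChatGPT-NonEnterprise": ["chatgpt.com/backend-anon",
                                  "chatgpt.com/backend-anon/",
                                  "chatgpt.com/backend-anon/*"],
}
# URL filtering profile actions from step 4.
ACTIONS = {"URL-chatgpt.com": "alert", "URL-ChatGPT-NonEnterprise": "block"}
# Header insertion profile domain list from step 2 (no wildcards).
HEADER_DOMAINS = {"chatgpt.com"}
SEVERITY = {"block": 2, "alert": 1, "allow": 0}

def entry_matches(entry, host, path):
    """Simplified entry matching (assumption): 'host' or 'host/path'; a
    trailing '/' or '/*' covers everything below that path."""
    ehost, _, epath = entry.partition("/")
    if ehost != host:
        return False
    epath = "/" + epath
    if epath.endswith("*"):
        return path.startswith(epath[:-1])
    return path == epath or path.startswith(epath.rstrip("/") + "/")

def categorize(url):
    """Return the set of custom category names that match the URL."""
    parts = urlsplit(url)
    path = parts.path or "/"
    return {name for name, entries in CATEGORIES.items()
            if any(entry_matches(e, parts.hostname, path) for e in entries)}

def evaluate(url, decrypted=True):
    """Return (url_action, header_inserted) for one request.
    decrypted=False models traffic SSL decryption never saw, e.g. QUIC."""
    cats = categorize(url)
    # Most severe action wins when several categories match (assumption).
    action = max((ACTIONS[c] for c in cats), key=SEVERITY.get, default="allow")
    # Header insertion needs decrypted traffic, the host in the profile's
    # domain list, and the URL category evaluated as Alert (step 4 note).
    inserted = (decrypted and action == "alert"
                and urlsplit(url).hostname in HEADER_DOMAINS)
    return action, inserted
```

Running `evaluate("https://chatgpt.com/backend-anon/conversation")` shows the request matching both categories and being blocked without the header, while an enterprise path on the same host is alerted and gets the header only when decrypted.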


