Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

HTTPS and Web Filtering

Created: 16 Feb 2010 • Updated: 19 Aug 2010 | 3 comments

Hi,

I tried to stop access to a anonimous proxy and I did not succeed because it works in https. See https: / / www.vtunnel.com

If I allow https level of "common protocols" is that the urls that use that protocol can not be filtered.

Any ideas?

Joan

Discussion Filed Under:

Comments 3 CommentsJump to latest comment

Don2's picture

Hi Joan,

I´m 99% certain that if it is https it cannot be blocked...but maybe someone from Symantec can confirm this for us? Kevin? Sergi?

Thanks,
Simon

Sergi Isasi's picture

Actually we can and do block HTTPS to IP addresses that match a content or malware category our customers have configured as blocked.

As you likely know, the HTTP header for SSL is slightly different than regular HTTP.  In HTTP, the GET contains the actual URL being requested (www.vtunnel.com).  In HTTPS, we actually only see the IP address in the GET (76.73.42.2).  Because of this, there has to be a classification match on the IP in order to block HTTPS based upon policy.  In this particular case, we had a classification match for vtunnel.com (Anonymous Proxies) but not 76.73.42.2 - so it did not block.  I've requested we add Anonymous Proxies as a classification for 76.73.42.2.

Hope this clears things up.

SI

Senior Product Manager - Web Gateway

Sergi Isasi's picture

As follow up: 76.73.42.2 is now classified as Anonymous Proxies.

Senior Product Manager - Web Gateway