Right- but I call "horse poop" on the "HTTPS is filtered on publishing rules even if the Web Filter is not bound to HTTPS" bit. If you un-bind the Web Filter from HTTPS and create a rule, you can no longer configure HTTP filtering - there is no way to specify what you want filtered, even for the publishing rule. I would expect outbound HTTPS to just be ignored, not broken, by having the Web Filter bound to HTTPS. Is the Web Filter bound to HTTPS on your server, and can you configure HTTP on the outbound rules, and if so, does HTTPS work? t ----- Original Message ----- From: Gerald G. Young To: isapros@xxxxxxxxxxxxx Sent: Wednesday, June 20, 2007 2:17 PM Subject: [isapros] Re: Web Filter with HTTPS Ah. okay. Inbound HTTPS works because of publishing rules in place, I take it? I believe that's what Jim was saying would work. No outbound makes sense because how can a filter see inside the encrypted traffic to make a determination on whether where it is going is okay or not? Cordially yours, Jerry G. Young II Application Engineer Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Wednesday, June 20, 2007 5:11 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Web Filter with HTTPS Nothing to do with a listener... If the "Web Filter" app filter is checked under the parameters of the HTTPS protocol, all outbound HTTPS fails, yet inbound HTTPS still works, and is (presumably) being filtered based on the rule-by-rule "configure HTTP" settings. t Because something is broken? J By saying the Web Filter is bound to the HTTPS protocol, do you mean it is listening on port 443? If that's the port it uses to communicate, wouldn't that interfere with being able to filter HTTPS traffic because it's no longer looking to filter but is instead looking to do its job on that port? Kind of like asking a police man to stand in a door way and listen for instructions on who to allow entry? If someone comes up to the door, he's going to ignore them since he is only expecting instructions to come to him there and they won't come until someone actually tries to enter but can't because he's in the way and is ignoring their requests for entry. I think I just confused myself with that one. But why not bind the Web Filter to a different port? Isn't the default 8080 or something like that? Cordially yours, Jerry G. Young II Application Engineer Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Wednesday, June 20, 2007 4:15 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Web Filter with HTTPS Just a sanity check here... why would all HTTPS traffic fail if the Web Filter was bound to the HTTPS protocol? t