[isapros] Re: Web Filter with HTTPS

  • From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Wed, 20 Jun 2007 14:25:06 -0700

Right- but I call "horse poop" on the "HTTPS is filtered on publishing rules 
even if the Web Filter is not bound to HTTPS" bit.  If you un-bind the Web 
Filter from HTTPS and create a rule, you can no longer configure HTTP filtering 
- there is no way to specify what you want filtered, even for the publishing 
rule.

I would expect outbound HTTPS to just be ignored, not broken, by having the Web 
Filter bound to HTTPS.

Is the Web Filter bound to HTTPS on your server, and can you configure HTTP on 
the outbound rules, and if so, does HTTPS work?

t
  ----- Original Message ----- 
  From: Gerald G. Young 
  To: isapros@xxxxxxxxxxxxx 
  Sent: Wednesday, June 20, 2007 2:17 PM
  Subject: [isapros] Re: Web Filter with HTTPS


  Ah. okay.



  Inbound HTTPS works because of publishing rules in place, I take it?  I 
believe that's what Jim was saying would work.



  No outbound makes sense because how can a filter see inside the encrypted 
traffic to make a determination on whether where it is going is okay or not?



  Cordially yours,

  Jerry G. Young II

  Application Engineer

  Platform Engineering and Architecture

  NTT America, an NTT Communications Company



  22451 Shaw Rd.

  Sterling, VA 20166



  Office: 571-434-1319

  Fax: 703-333-6749

  Email: g.young@xxxxxxxx



  From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
  Sent: Wednesday, June 20, 2007 5:11 PM
  To: isapros@xxxxxxxxxxxxx
  Subject: [isapros] Re: Web Filter with HTTPS





  Nothing to do with a listener... If the "Web Filter" app filter is checked 
under the parameters of the HTTPS protocol, all outbound HTTPS fails, yet 
inbound HTTPS still works, and is (presumably) being filtered based on the 
rule-by-rule "configure HTTP" settings.



  t



      Because something is broken?



      J



      By saying the Web Filter is bound to the HTTPS protocol, do you mean it 
is listening on port 443?  If that's the port it uses to communicate, wouldn't 
that interfere with being able to filter HTTPS traffic because it's no longer 
looking to filter but is instead looking to do its job on that port?



      Kind of like asking a police man to stand in a door way and listen for 
instructions on who to allow entry?  If someone comes up to the door, he's 
going to ignore them since he is only expecting instructions to come to him 
there and they won't come until someone actually tries to enter but can't 
because he's in the way and is ignoring their requests for entry.



      I think I just confused myself with that one.



      But why not bind the Web Filter to a different port?  Isn't the default 
8080 or something like that?



      Cordially yours,

      Jerry G. Young II

      Application Engineer

      Platform Engineering and Architecture

      NTT America, an NTT Communications Company



      22451 Shaw Rd.

      Sterling, VA 20166



      Office: 571-434-1319

      Fax: 703-333-6749

      Email: g.young@xxxxxxxx



      From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] 
On Behalf Of Thor (Hammer of God)
      Sent: Wednesday, June 20, 2007 4:15 PM
      To: isapros@xxxxxxxxxxxxx
      Subject: [isapros] Web Filter with HTTPS



      Just a sanity check here... why would all HTTPS traffic fail if the Web 
Filter was bound to the HTTPS protocol? 



      t

Other related posts: