Hot!cannot block HTTPS by policy

Author
input04@hotmail.com
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/19 01:26:39
  • Status: offline
2019/01/19 01:37:14 (permalink)
0

cannot block HTTPS by policy

Hi all, i'm trying to create a rules to block HTTPS sites by policy for a specific workstation.
If i specify an HTTP site it would work, but not https. 
 
See attached screenshot.
 
Thanks in advance!

Attached Image(s)

#1

4 Replies Related Threads

    kuemacn
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/01/19 05:12:12
    • Status: offline
    Re: cannot block HTTPS by policy 2019/01/19 06:01:12 (permalink)
    0
    hi ,World you try to use "web filter"?
     
    #2
    emnoc
    Expert Member
    • Total Posts : 5108
    • Scores: 318
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: cannot block HTTPS by policy 2019/01/19 06:32:28 (permalink)
    0
    You need to decrypt the traffic go see the actual request. HTTPS would indicate security.
     
    Ken

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #3
    sw2090
    Gold Member
    • Total Posts : 255
    • Scores: 10
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: cannot block HTTPS by policy 2019/01/20 23:29:51 (permalink)
    0
    @kuemacn: webfilter itself coan only block (or no block) urls but not protocols. It don't care if you do https or http or whatever. You might have to use either url filter with a block https://*  rule or do it via ssl (deep) inspection to decrypt the traffic.
    #4
    Dave Hall
    Expert Member
    • Total Posts : 1340
    • Scores: 138
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: cannot block HTTPS by policy 2019/01/21 09:55:19 (permalink)
    0
    @OP
     
    Considering that most sites are encrypted these day, I must ask why do you want to block HTTPS? Also, some sites (especially Google related) may force-redirect your browser into using HTTPS, in which case this may cause a connection error with the browser (e.g. site keeps redirecting to https but browser can't connect to).
     
    That said, depending on the browser (and version) there is no guaranty that true HTTPS will be used with some sites - Google has taken to using the QUIC Protocol, which is can be thought as HTTP/HTTPS on UDP.
     
    Edit: I am under the assumption OP wants HTTP only access to certain sites.
    post edited by Dave Hall - 2019/01/21 09:59:25

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.2/5.4 (FWF40C/FW92D/FGT200B/FGT200D/FGT101E)/ FAP220B/221C
    #5
    Jump to:
    © 2019 APG vNext Commercial Version 5.5