Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 1130 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophostest.com treated differently http vs https

Richard Roderick1

If I do a policy test for https://sophostest.com/adult/index.html the Web Protection Category is marked as "Information Technology"

If I do a policy test for http://sophostest.com/adult/index.html the Web Protection Category is marked as "Sexually Explicit"

There should be zero difference in how a URL is categorized based on HTTP vs HTTPS.

Anyone else seen this?



This thread was automatically locked due to age.
Parents
  • 0

    Just tested this, twice with the same result: "Sexually Explicit"

    Have you tried emptying the browser cache?

  • +1 in reply to Peter-Paul Gras

    Thanks for checking. I went ahead and opened an incognito window to test. Note that I am using the "Policy test" link under the log viewer, so browser caching should not apply.

    I did some more tests. If I have web proxy set instead of dpi engine it behaves the same. 

    If I actually decrypt the site (which I wasn't before) then it correctly flags it as Sexually explicit both via web proxy and DPI. So it seems the content and not the URL is determining the category and thus it was marked incorrectly when not inspecting the content.

Reply
  • +1 in reply to Peter-Paul Gras

    Thanks for checking. I went ahead and opened an incognito window to test. Note that I am using the "Policy test" link under the log viewer, so browser caching should not apply.

    I did some more tests. If I have web proxy set instead of dpi engine it behaves the same. 

    If I actually decrypt the site (which I wasn't before) then it correctly flags it as Sexually explicit both via web proxy and DPI. So it seems the content and not the URL is determining the category and thus it was marked incorrectly when not inspecting the content.

Children
  • 0 in reply to Richard Roderick1

    Hi,

    the result of your test will be determined by your firewall rule. If you are using the DPI then you need to have no scanning or proxy type functions in your rule because the DPI will pass the results to the proxy and give you a false answer.

    Ian

  • 0 in reply to rfcat_vk

    Roger that, thanks for the reply. I did adjust accordingly based on proxy or dpi on the rule. The thing that ultimately made the difference was that the content itself wasn't being scanned via HTTPS (on purpose) and the content was actually changing the categorization. Once I enabled scanning the HTTPS content it worked as expected.