Battle.net Client Can't Download Updates

One more question: Why do you use "^https?" pattern in HTTP scanning rules? I know that it doesnt hurt, but it is needed to duplicate those in the section below.

Say you had a pattern battle\.net and then imagine the URL

http://evilsite.com/malware.exe?fooltheproxy=battle.net

If your regex only had battle\.net then it would match because it is implicitly .*battle\net.* .  By putting in a full regex including the ^https? you are really removing the .* at the beginning and making sure your search string only matches in the FQDN.

But in any sort of testing or debugging I recommend using the simplest RegEx.  Here is a tool intended to help build RegEx for the Sophos UTM but it applies equally here.

http://utmtools.com/QuickRegex

That was not my intention.

Just why do you use "^https?://" in HTTP rules instead of "^http://". I will make it clear, I was asking why "s?" is included.

The regex s? means "letter s" "zero or one of them".  Basically https?:// will match both http:// and https://

I know that. But we are discussing HTTP only rules not HTTP and HTTPS.

Though the section heading is "HTTP Scanning Rules" in reality it is "anything that goes through the web proxy" which includes HTTP, HTTPS, and FTP-over-HTTP.

For most people, if they want to turn off the virus scanner for domain.com they want to turn it off for both http and https access to domain.com therefore the convention is to use that notation.

If you wanted to turn off the virus scanner for http access and leave it on for https access then you would not include s?.

Though the section heading is "HTTP Scanning Rules" in reality it is "anything that goes through the web proxy" which includes HTTP, HTTPS, and FTP-over-HTTP.

For most people, if they want to turn off the virus scanner for domain.com they want to turn it off for both http and https access to domain.com therefore the convention is to use that notation.

If you wanted to turn off the virus scanner for http access and leave it on for https access then you would not include s?.

Well, then maybe the section names should be changed to: "Proxy scanning rules" and "HTTPS bypass rules". Especially when we have a section named "HTTP/HTTPS Configurations" just above.

The name "HTTP Scanning Rules" may be misleading in this context. As i was thinking it is only for HTTP traffic and nothing else.

Let me put this straight: To bypass scanning of some SSL secured sites I MUST put the domain into "HTTP Scanning Rules" as regexp and then into a category in "HTTPS Scanning Rules".

Is it correct ?

In v2 this configuration screen will be rewritten.  I don't know what the UI will look like but it will probably be closer to the way the UTM does exceptions.

There are two different bypasses involved.

To stop the man-in-the-middle decryption of SSL traffic in an HTTPS connection then you must use the HTTPS Scanning Rules.  If in the firewall rule you have "HTTPS scanning" turned off this option will make no difference.

To stop the AV scanning of HTTP traffic or the AV scanning of HTTPS traffic that has been decrypted then put it in the HTTP Scanning Rules,  I don't know the full details but it might turn off some other scanning in addition to AV (eg I don't know if it would also skip category blocks).

If you have turned of the decryption of SSL traffic (HTTPS scanning rules) then there is no decrypted traffic to send to the AV scanner and the HTTP Scanning Rules makes no difference.  So in theory if you are having HTTPS / SSL problems you only need to put it in the HTTPS rules.  Though if that still does work you throw theory out and try putting it in both.  :)