This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

blocking https

im trying to block some websites which are running in https mode. so i added those in the block list but its still reachable. what am i doing wrong? im using the latest asl version asg v7.501.

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

What mode are you running in? If 'Transparent', then are you also scanning HTTPS traffic? If not, then you must be using a packet filter rule to allow that traffic, and it is not being handled by the proxy.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 16 years ago in reply to BAlfson

Hi,
if you are using the proxy in standard mode, disable the https scanning function and make sure you don't have a packet filter rule that lets port 443 through.
Instead of internal-> any-> any-> allow
you would have
internal -> port 1:442-> any -> allow
internal -> port 444:65535-> any -> allow

But you must be careful with you nat rules to ensure that they don't generate packet filter rules that overide yours by being higher up (hidden) the list.

Ian M
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RFCat_vk_01 over 16 years ago in reply to BAlfson

Hi,
if you are using the proxy in standard mode, disable the https scanning function and make sure you don't have a packet filter rule that lets port 443 through.
Instead of internal-> any-> any-> allow
you would have
internal -> port 1:442-> any -> allow
internal -> port 444:65535-> any -> allow

But you must be careful with you nat rules to ensure that they don't generate packet filter rules that overide yours by being higher up (hidden) the list.

Ian M
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data