I hope you'll forgive me - I did search for this question, and while it is clear it has been asked in the past, I'm not sure if I understand it fully. So I'll include as much detail about the issue I'm having and how I've been trying to address it.
Our organization has transparent proxy enabled, but "Scan HTTPS (SSL) Traffic" is disabled. We also have a packet filter rule that allows all HTTPS traffic from the internal network to any destination.
When I enter information on the URL Filtering tab for sites to block (such as https?://([A-Za-z0-9.-]*\.)?facebook.com), then the site is successfully blocked when attempting to visit facebook.com. However, if a user goes to https://facebook.com (note https), then they are able to get to the site. I guess this makes since, since HTTPS traffic is allowed.
First question: This is expected behavior, correct?
So, the way I have attempted to address this is by creating a packet filter rule just above the "All HTTPS from Internal to Any" that says "Drop HTTPS from Internal to [DNS Host Group]". I've then populated that DNS host group with the sites I wish to block.
Now, when a user attempts to visit https://facebook.com, it times out instead. No "blocked site" message it displayed.
Second question: Is this expected behavior (no "blocked site", instead the browser times out).
Third question: Is this really the best way to address this issue?
Lastly, I've noticed that this doesn't work for all sites. For example, even with rapidshare.com in the DNS Host Group to for blocked sites, users can still visit the site when going to https://rapidshare.com. Why is this?
Thanks for any help you can provide.
This thread was automatically locked due to age.
