Hi friends,
did someone have a best practise with the topic?
We used the ssl-scanning now in a transparent proxy enviroment and have this error for some sites. Some like banking (for bankingsoftware) i added to the transparent mode skiplist, because it does not work in exeptions list (dont know why) and its a single host/ip for destination.
We also use teamviewer for managing clients on remote sites. This will work in the exeptions list with skipping certificate checks, but temviewer use every time other servers.
Atm we have more than 60 entries like "https://37.252.225.6", because the entry "^https?://([A-Za-z0-9.-]*\.)?teamviewer\.com/" will not work.
Logfile
2014:02:24-09:57:48 ***-1 httpproxy[7558]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="***.***.***.69" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" request="0x18a9c838" url="185.31.193.117" exceptions="" error="Failed to verify server certificate"
2014:02:24-09:57:48 ***-1 httpproxy[7558]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="***.***.***.69" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" request="0x1ad1e528" url="185.31.193.117" exceptions="" error="Failed to verify server certificate"
2014:02:24-09:57:51 ***-1 httpproxy[7558]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="***.***.***.69" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" request="0x1d0af958" url="185.31.193.117" exceptions="" error="Failed to verify server certificate"
How is your experience with ssl-scanning and how you resolve the problem named in topic?
This thread was automatically locked due to age.
