Ask the Expert

How should I repair a firewall that cannot process HTTPS addresses?

Our Internet network uses a Zywall70 firewall to filter gambling, pornographic, chat and other non-business sites. I found that this firewall cannot filter or log the sites whose address begins with HTTPS. How should we fix this, if the firewall is in fact the reason why it's not working properly?

    Requires Free Membership to View

It sounds like your firewall is not performing HTTPS proxying. The difference between HTTP and HTTPS, of course, is that HTTPS traffic is encrypted when passed over the network. If HTTPS proxying is not in use, the firewall cannot decrypt the contents of the HTTPS session. Since it cannot read the URL from the encrypted network stream, it is not possible for the firewall to perform content filtering on the connection. It's not a problem with your firewall; it's the desired behavior of HTTPS, since such a protocol prevents eavesdropping.

If you must perform content filtering on encrypted traffic, you have a couple of options. You may wish to consider partially or fully blocking HTTPS traffic with your firewall, limiting the traffic to business-critical uses. Alternatively, you can set up an HTTPS proxy server for your organization and use it to implement content filtering.

This was first published in September 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: