How should I repair a firewall that cannot process HTTPS addresses?
Our Internet network uses a Zywall70 firewall to filter gambling, pornographic, chat and other non-business sites. I found that this firewall cannot filter or log the sites whose address begins with HTTPS. How should we fix this, if the firewall is in fact the reason why it's not working properly?
It sounds like your firewall is not performing HTTPS proxying. The difference between HTTP and HTTPS, of course, is that HTTPS traffic is encrypted when passed over the network. If HTTPS proxying is not in use, the firewall cannot decrypt the contents of the HTTPS session. Since it cannot read the URL from the encrypted network stream, it is not possible for the firewall to perform content filtering on the connection. It's not a problem with your firewall; it's the desired behavior of HTTPS, since such a protocol prevents eavesdropping.
If you must perform content filtering on encrypted traffic, you have a couple of options. You may wish to consider partially or fully blocking HTTPS traffic with your firewall, limiting the traffic to business-critical uses. Alternatively, you can set up an HTTPS proxy server for your organization and use it to implement content filtering.
This was first published in September 2006