
How should I repair a firewall that cannot process HTTPS addresses?

SearchSecurity.com's network security expert Michael Chapple explains how to enact HTTPS proxying and plug up the holes in your firewall.

Our Internet network uses a Zywall70 firewall to filter gambling, pornographic, chat and other non-business sites. I found that this firewall cannot filter or log the sites whose address begins with HTTPS. How should we fix this, if the firewall is in fact the reason why it's not working properly?

It sounds like your firewall is not performing HTTPS proxying. The difference between HTTP and HTTPS, of course, is that HTTPS traffic is encrypted when passed over the network. If HTTPS proxying is not in use, the firewall cannot decrypt the contents of the HTTPS session. Since it cannot read the URL from the encrypted network stream, it is not possible for the firewall to perform content filtering on the connection. It's not a problem with your firewall; it's the desired behavior of HTTPS, since such a protocol prevents eavesdropping.

If you must perform content filtering on encrypted traffic, you have a couple of options. You may wish to consider partially or fully blocking HTTPS traffic with your firewall, limiting the traffic to business-critical uses. Alternatively, you can set up an HTTPS proxy server for your organization and use it to implement content filtering.
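The behavior described in the answer, together with its first option (block HTTPS except for business-critical destinations), sketched as an added Python example that is not part of the original answer and is not ZyWALL configuration. The keyword list, the allowlisted address range, the sample bytes and all function names are constructed for illustration.

```python
import ipaddress

# Constructed policy values and sample bytes, for illustration only.
BLOCKED_KEYWORDS = ("casino", "poker")  # stand-in for content-filter categories
HTTPS_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/28")]  # business-critical servers
HTTP_SAMPLE = b"GET /tables HTTP/1.1\r\nHost: casino.example\r\n\r\n"
TLS_SAMPLE = bytes.fromhex("1603010200010001fc0303")  # TLS record header + handshake start
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def visible_url(first_bytes: bytes):
    """Return the URL a filter can read from the start of a TCP stream,
    or None when the stream is TLS and the request is inside encrypted records."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return None
    if not first_bytes.startswith(HTTP_METHODS):
        return None
    lines = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return f"http://{host}{parts[1]}"


def decide(dst_ip: str, dst_port: int, first_bytes: bytes) -> str:
    """Filter by URL when it is readable; otherwise fall back to a destination allowlist."""
    url = visible_url(first_bytes)
    if url is not None:
        hit = any(k in url.lower() for k in BLOCKED_KEYWORDS)
        return f"BLOCK {url}" if hit else f"ALLOW {url}"
    if dst_port == 443:
        ok = any(ipaddress.ip_address(dst_ip) in net for net in HTTPS_ALLOWLIST)
        return "ALLOW https (allowlisted, URL not visible)" if ok else "BLOCK https (URL not visible)"
    return "BLOCK unknown protocol"


if __name__ == "__main__":
    print(decide("198.51.100.7", 80, HTTP_SAMPLE))
    print(decide("198.51.100.7", 443, TLS_SAMPLE))
    print(decide("203.0.113.5", 443, TLS_SAMPLE))
```

Because the HTTPS decision rests only on the destination address, neither the log entry nor the verdict can name the page requested; getting that detail back is what the HTTPS proxy option is for.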

This was last published in September 2006
