Skip to main content
Inadmin
Inadmin
New Member
January 19, 2019
Question

cannot block HTTPS by policy

  • January 19, 2019
  • 2 replies
  • 5898 views

Hi all, i'm trying to create a rules to block HTTPS sites by policy for a specific workstation.

If i specify an HTTP site it would work, but not https. 

 

See attached screenshot.

 

Thanks in advance!

    2 replies

    kuemacn
    kuemacn
    New Member
    January 19, 2019

    hi ,World you try to use "web filter"?

     

    emnoc
    emnoc
    New Member
    January 19, 2019

    You need to decrypt the traffic go see the actual request. HTTPS would indicate security.

     

    Ken

    sw2090
    SuperUser
    sw2090
    SuperUser
    January 21, 2019

    @kuemacn: webfilter itself coan only block (or no block) urls but not protocols. It don't care if you do https or http or whatever. You might have to use either url filter with a block https://*  rule or do it via ssl (deep) inspection to decrypt the traffic.

    Dave_Hall
    Dave_Hall
    New Member
    January 21, 2019

    @OP

     

    Considering that most sites are encrypted these day, I must ask why do you want to block HTTPS? Also, some sites (especially Google related) may force-redirect your browser into using HTTPS, in which case this may cause a connection error with the browser (e.g. site keeps redirecting to https but browser can't connect to).

     

    That said, depending on the browser (and version) there is no guaranty that true HTTPS will be used with some sites - Google has taken to using the QUIC Protocol, which is can be thought as HTTP/HTTPS on UDP.

     

    Edit: I am under the assumption OP wants HTTP only access to certain sites.

    Terms & ConditionsAccessibility statement