McAfee Employee jebeling

WGCS Path Based Whitelisting for HTTPS Sites When Managing with ePO Cloud

Using MWG to manage your WGCS policy opens up almost all of the granular filtering options that are available on premise. However, many customers, especially smaller companies with limited security staff, prefer the simplicity of managing WGCS policy through ePO Cloud. The simplified interface there currently provides only a subset of the features available when MWG is managing WGCS policy. One of the limitations is in the way that category filtering and URL whitelists are handled for HTTPS sites.

First, as with any filtering of HTTPS that includes the URL path, SSL scanning must be enabled for the site in question, because SSL scanning can only be enabled or disabled on the initial CONNECT. WGCS allows SSL inspection to be enabled or disabled by category (using the hostname) or by URL list (actually only host and domain names).

Second, once the HTTPS site is decrypted and the CONNECT is allowed, blacklisting a particular URL by path within an allowed category works as expected. Whitelisting by path within a blocked category does not work without the approach described here, because the category blacklist blocks the initial CONNECT.

So how do we handle the situation where we want to whitelist a specific path on a site that is in a blocked category? For example, suppose www.example.com is in the Social Networking category and I want to allow only https://www.example.com/example while blocking all other paths on example.com and all other social media.

To do this:

1. Enable SSL inspection for example.com with all subdomains enabled, or simply enable inspection for the category it is in (in this example, Social Networking)

2. Add a Web Category URL Whitelist Rule for example.com/example with all subdomains enabled (this won't apply until after the connection is established with SSL decryption enabled)

3. Below that (2), add a Web Category URL Blacklist Rule for example.com/ with all subdomains enabled (this won't apply until after the connection is established with SSL decryption enabled)

4. Below that (3), add a Web Category URL Whitelist Rule for example.com with all subdomains enabled (this will apply when the connection is initially established)

5. Block Social Networking in the web category filter.
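
A toy model of the two evaluation phases that the steps above rely on, added here as an illustration and not McAfee or WGCS code. It assumes top-down, first-match rule evaluation and prefix path matching; the names `decide`, `fetch`, `RULES`, `NAIVE_RULES` and the host `social.test` are constructed for the example.

```python
# Toy model of the rule order above; NOT WGCS or ePO Cloud code.
# Assumptions: rules are evaluated top-down, first match wins; a rule with a
# path cannot match at CONNECT time because only the hostname is visible.
from urllib.parse import urlsplit

CATEGORIES = {"example.com": "Social Networking",   # constructed sample data
              "social.test": "Social Networking"}
BLOCKED_CATEGORIES = {"Social Networking"}           # step 5

# (action, domain, path) in list order; path None means a host-only rule.
RULES = [
    ("allow", "example.com", "/example"),  # step 2: path whitelist
    ("block", "example.com", "/"),         # step 3: blacklist every other path
    ("allow", "example.com", None),        # step 4: lets the CONNECT through
]
NAIVE_RULES = RULES[:1]  # only the path whitelist, without steps 3 and 4


def host_matches(host, domain):
    """Domain match with 'all subdomains' enabled."""
    return host == domain or host.endswith("." + domain)


def category_of(host):
    return next((c for d, c in CATEGORIES.items() if host_matches(host, d)), None)


def decide(rules, host, path=None):
    """path=None models the CONNECT phase; a string models a decrypted request."""
    for action, domain, rule_path in rules:
        if not host_matches(host, domain):
            continue
        if rule_path is None:
            return action
        if path is not None and path.startswith(rule_path):
            return action
    # No list rule matched: fall through to the category filter.
    return "block" if category_of(host) in BLOCKED_CATEGORIES else "allow"


def fetch(rules, url):
    """Run both phases for an HTTPS URL and return the final verdict."""
    parts = urlsplit(url)
    if decide(rules, parts.hostname) == "block":
        return "block at CONNECT"
    return decide(rules, parts.hostname, parts.path or "/")
```

With `NAIVE_RULES` the whitelisted path is never reached because the category filter rejects the CONNECT, which is the failure the host-only rule in step 4 avoids.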
