2 Replies Latest reply on Apr 18, 2017 3:31 PM by kbolt

    Protocol Is SSL Where I Expected HTTPS

    kbolt

      Hello all.
      My current MWG setup uses the Explicit Proxy Authentication and Authorization (EPAA) ruleset to assign distinct policies to different users and user groups (as taught to me by the old guards of this forum). The criteria for my EPAA ruleset are Connection.Protocol = HTTPS OR Connection.Protocol = HTTPS OR Connection.Protocol = FTP. This works for me with no issue, but I have seen where some sites have broken images once in a while. A rule trace shows me that these broken images occur because Connection.Protocol = SSL when the EPAA ruleset is hit. This causes the EPAA ruleset to be skipped, and as such the user gets the Default policy, which blocks the website the images would be loaded from. Now I was thinking I'd also have Connection.Protocol look for SSL in the EPAA ruleset criteria and that'd be the fix. Anyone think that change would be a bad idea?

      ALSO! Here's another noob question: why does Rule Trace show multiple requests in a single trace in Rule Trace Central? I mean like in the image I have below.

      SSL_but_not_HTTPS(2).JPG

        • 1. Re: Protocol Is SSL Where I Expected HTTPS
          Jon Scholten

          Hi Kbolt!

          Bit of background: for every SSL connection there will be two or more traces associated with that connection.

          1) The SSL handshake

          2) The requests inside the SSL tunnel

           

          The rule trace you're looking at is the SSL handshake (1). The first cycle is the CONNECT request; it is plaintext HTTP, so the Connection.Protocol is HTTP. The second cycle (in the same trace) is the "CERTVERIFY", whereby the MWG has connected to the server and obtained the certificate; this allows us to write rules based on the certificate and SSL handshake properties. The Connection.Protocol for the second cycle is SSL, as you found.

          In a rule trace that follows this one is the request inside the SSL tunnel (assuming content inspection is enabled). This is where the Connection.Protocol is HTTPS.

           

          Hope this helps!

           

          Best Regards,

          Jon

          • 2. Re: Protocol Is SSL Where I Expected HTTPS
            kbolt

            Many thanks for the clarification.