4 Replies Latest reply on Jun 27, 2013 2:54 AM by karubum

    How Can I block https in WGW 7.2 ?

    karubum

      I have a rule that internet connection is blocked to a certain group of user (Let say X) by blocking port 80 and 443 (https)

       

      Port 80 works for this rule but https does not.

       

      For example:

       

      user in this group cannot access to www.google.com but can do by https://www.google.com

       

      I do not want to block https port from firewall because my users in other group has to access to https sites.

       

      Is there any way to block https sites for just one group of users (X) without interfacing other rules.

       

      Not: I have block list for ruleset X too but it does not work for https.

       

      Message was edited by: karubum on 6/5/13 2:05:16 AM CDT
        • 1. Re: How Can I block https in WGW 7.2 ?
          asabban

          Hello,

           

          first of all I would ensure that HTTPS traffic is really going through MWG. In the proxy settings in the browser (assuming you are using explicit proxy) it is possible to configure a proxy for HTTP and don't use a proxy for HTTPS. In this case HTTPS requests will not reach MWG and cannot be blocked.

           

          Apart from that can you maybe share a screenshot of how your rule(s) look? Maybe there is an error somewhere we can correct. Also, are you using SSL Scanner?

           

          Thank you,

          Andre

          • 2. Re: How Can I block https in WGW 7.2 ?
            karubum

            I have other usergroups for internet access in WGW that they access to https sites which I allow them purposely.

             

            I have only one group of users that I need to block their https access.

             

            Yes, I have SSL Scanner and using it.

            I have certificate verification rule in it for some sites such as youtube, facebook...

             

            For my Blocked rule:

             

            Block Everything For Others

            URL.Port is in list Block 80_443

             

            At "Block 80_443" my 80 and 443 ports are listed.

             

            I have also Block Social Network rule too for this group where I have added the list of social media by typing with *

             

            Message was edited by: karubum on 6/5/13 2:41:38 AM CDT
            • 3. Re: How Can I block https in WGW 7.2 ?
              karubum

              I have solved most of the problem. Right now Group X cannot access to https web sites except the ones in SSL Scanner. When I put header criteria to exclude group x in here, it does not work because my cookie auth. ruleset comes after SSL Scanner ruleset. So it does not pick up user group from AD at SSL Scanner.

               

              Message was edited by: karubum on 6/17/13 9:15:22 AM CDT

               

              Message was edited by: karubum on 6/17/13 9:16:43 AM CDT
              • 4. Re: How Can I block https in WGW 7.2 ?
                karubum

                I have picked up facebook as a test page to improve my https blocking rule for Group X.

                 

                I have removed facebook urls and IP bloks from my SSL scanner list. Right now Group X cannot access to https://facebook.com whatsoever by using regular PC.

                But thin client users of Group X could access to https://facebook.com in IE browser. I have checked up in Crome and Mozilla browser https://facebook.com gets blocked successfully.

                 

                Is there anyone with answer why blocking facebook with https works on Crome and Mozilla but not on IE?

                 

                Message was edited by: karubum on 6/27/13 2:54:44 AM CDT