first of all I would ensure that HTTPS traffic is really going through MWG. In the proxy settings in the browser (assuming you are using explicit proxy) it is possible to configure a proxy for HTTP and don't use a proxy for HTTPS. In this case HTTPS requests will not reach MWG and cannot be blocked.
Apart from that can you maybe share a screenshot of how your rule(s) look? Maybe there is an error somewhere we can correct. Also, are you using SSL Scanner?
I have other usergroups for internet access in WGW that they access to https sites which I allow them purposely.
I have only one group of users that I need to block their https access.
Yes, I have SSL Scanner and using it.
I have certificate verification rule in it for some sites such as youtube, facebook...
For my Blocked rule:
Block Everything For Others
URL.Port is in list Block 80_443
At "Block 80_443" my 80 and 443 ports are listed.
I have also Block Social Network rule too for this group where I have added the list of social media by typing with *
I have solved most of the problem. Right now Group X cannot access to https web sites except the ones in SSL Scanner. When I put header criteria to exclude group x in here, it does not work because my cookie auth. ruleset comes after SSL Scanner ruleset. So it does not pick up user group from AD at SSL Scanner.
Message was edited by: karubum on 6/17/13 9:15:22 AM CDT
I have picked up facebook as a test page to improve my https blocking rule for Group X.
I have removed facebook urls and IP bloks from my SSL scanner list. Right now Group X cannot access to https://facebook.com whatsoever by using regular PC.
Is there anyone with answer why blocking facebook with https works on Crome and Mozilla but not on IE?