Did you use SSL interception? Otherwise the web gateway is not able to check the whole URL path. Without SSL interception the proxy knows only the domain part.
Do you want to say that the full path URL will not work without the SSL scanner?
Anyway, I have enabled the SSL scanner ruleset.
Can you tell me how to allow the full URL?
Does anybody know?
No. This restriction applies only to HTTPS URLs. For HTTP you don't need SSL interception.
You can use the property URL to check against the whole URL.
But it's not working with the current rule set.
Please help me with the same.
You may attach your ruleset to see what will happen. Maybe there is another rule blocking facebook. Did you try a rule trace?
As feickholt mentioned, without inspecting SSL traffic this is not possible.
If the user enters the URL the proxy ONLY sees a CONNECT request.
No HTML Content or URL Path is visible for the proxy if SSL is not inspected.
You can easily check this with a TCP trace.
1) User types the URL of Central Bank of India | Facebook in the browser
2) The proxy "sees" the connect request to www.facebook.com:443
3) Now the key exchange starts between the endpoint and the webserver.
4) After the SSL connection is established between the endpoint and the webserver the HTTP content is transferred to the endpoint. As you can see in the screenshot, the proxy only "sees" encrypted TCP traffic.
Therefore, you cannot use most of the properties in the ruleset when not terminating SSL.
Hope this is useful and helps understanding,
I have enabled the SSL scanner, so why is the URL not working?
Can you do a rule trace under "Troubleshooting" -> "Rule trace central"? There is another config change necessary if it does not work in your environment.
I will show you my analysis steps for troubleshooting.
1) As you can see, Rule tracing central shows the whole request
2) I defined my own debugging log to see how the properties are filled, and also a blocking rule with the following criteria:
URL.path matches *centralbankofindia*
The result is a block of the request and an HTTP response code 403.
Perhaps there is another problem if it does not work in your environment,
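The visibility difference discussed in this thread, as an added example that is not part of any post and is not the gateway's own rule engine: it models which URL properties a forward proxy can fill for a plain HTTP request, a bare CONNECT tunnel, and a CONNECT tunnel with SSL interception, then applies the thread's `*centralbankofindia*` path rule. The function names, the sample request lines and the `/centralbankofindia` path are constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed sample request lines as a forward proxy would receive them.
HTTP_LINE = "GET http://www.example.com/centralbankofindia HTTP/1.1"
CONNECT_LINE = "CONNECT www.facebook.com:443 HTTP/1.1"
# First request inside the tunnel; readable only if the proxy terminates TLS.
INNER_LINE = "GET /centralbankofindia HTTP/1.1"


def proxy_view(request_line, ssl_intercepted=False, inner_request_line=None):
    """Return the URL properties the proxy can fill for one request."""
    method, target, _version = request_line.split()
    if method != "CONNECT":
        # Plain HTTP through a proxy uses an absolute URL: everything is visible.
        parts = urlsplit(target)
        return {"host": parts.hostname, "path": parts.path or "/", "url": target}
    # CONNECT carries only host:port; the path travels inside the TLS tunnel.
    host, _, _port = target.rpartition(":")
    view = {"host": host, "path": None, "url": None}
    if ssl_intercepted and inner_request_line:
        # With interception the proxy decrypts the tunnel and reads the
        # origin-form request line, so path and full URL become available.
        _method, inner_path, _ver = inner_request_line.split()
        view["path"] = inner_path
        view["url"] = f"https://{host}{inner_path}"
    return view


def path_rule_matches(view, pattern="*centralbankofindia*"):
    """Hypothetical stand-in for a 'URL.path matches <pattern>' criterion."""
    # An unfilled path can never match, which is why a path rule silently
    # does nothing for HTTPS traffic that is not intercepted.
    return view["path"] is not None and fnmatchcase(view["path"].lower(), pattern)


if __name__ == "__main__":
    cases = [("HTTP", proxy_view(HTTP_LINE)),
             ("CONNECT only", proxy_view(CONNECT_LINE)),
             ("CONNECT + interception", proxy_view(CONNECT_LINE, True, INNER_LINE))]
    for label, view in cases:
        print(f"{label:24} host={view['host']} path={view['path']} "
              f"rule_hit={path_rule_matches(view)}")
```
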