When a user uses Puffin Web Browser on a iOS or Android device, the ProxySG appliance rules or filters (blacklist/whitelist) do not work; that is, the user can bypass rules and access blocked sites. However, if you enable HTTPS interception (transparent proxy), or enable protocol detection (explicit proxy), on the ProxySG, Puffin Browser crashes. How do I block the Puffin browser?
In the example of active sessions above, the Puffin browser obtains a random IP address each time it connects to www.cloudmosa.com (CloudMosa developed Puffin Browser). The appliance cannot see URLs or destination origin content servers (OCSes), as it sends all traffic through SSL.
If SSL interception is not enabled on the ProxySG appliance, you can block Puffin Browser by denying a server certificate object for "cloudmosa.com". Here is an example.
You can deny the server certificate object in either the Visual Policy Manager (VPM) or in the Content Policy Language (CPL).
Perform the following steps:
Add the following CPL: