search cancel

Disable SSL interception for single URL


Article ID: 166365


Updated On:


Advanced Secure Gateway Software - ASG Symantec WebFilter (formerly Blue Coat WebFilter - BCWF) Secure Web Gateway Virtual Appliance ProxySG Software - SGOS


SSL interception can be disabled for a single URL/Domain using CPL or VPM policy if the deployment is explicit. In a transparent deployment, SSL can be disabled using server certificate and not destination URL as mentioned in How to bypass SSL based on server certificate.

This will not disturb SSL interception for other URLs or Domains.



Disable SSL interception through the VPM:
  1. Log in to the Management Console (https://<IP_address>:8082).
  2. Select Configuration > Policy > Visual Policy Manager. Click Launch.
  3. In the VPM, select Policy > Select SSL Intercept Layer.
  4. Click Add Rule.
  5. Right-click the Destination field and select Set.
  6. Click New and select Request URL Object.
  7. Enter URL in the URL field and then click Add.
  8. Right-click the Action column, select Set > Disable SSL interception.
  9. Click Install Policy. Your new policy has been installed.
Disable SSL interception through CPL:
  1. Log in to the Management Console (https://<IP_address>:8082).
  2. Select Configuration > Policy > Policy Files > Policy Files.
  3. There is an "Install policy" section where you can install policy from a local file, forward file, and central file.
  4. Select Text Editor from the drop-down list to the right of "Install Local file from". Click Install.
  5. If this is a new proxy deployment, your local policy may be blank. If this is an established proxy with local policy, scroll down to the bottom of the data contained in the text editor.
  6. Copy and paste the following CPL: 

    url.domain="" ssl.forward_proxy(no)     
  7. Select Install > OK > Close.
  8. Click Apply. Your new policy has been installed
Note: is for example.