Web Application/Operation Filtering not working sporadically

book

Article ID: 167127

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Web 2.0 Application and Operation Filtering was introduced in SGOS 6.2 with Blue Coat WebFilter data implemented. There are times when requests (e.g. message posting on various websites such as Facebook or YouTube) are not being filtered even though policy rules with Request URL Application and/or Operation Objects are implemented.

Resolution

In order for Web 2.0 Application and Operation Filtering to work properly, ProxySG must be able to see the complete URL (hostname and full path) in users' requests. As the popularity of HTTPS implementation increases, many websites would automatically redirect client's web sessions from HTTP to HTTPS upon login or similar action at the beginning of web sessions. If ProxySG is not configured for SSL Interception (Configuring SSL Interception For Explicit proxyConfigure SSL intercept for an explicit deployment using a self-signed certificate for explicit proxy deployment, Configure the ProxySG for SSL Interception and Authentication using an SSL certificate issued from a Microsoft PKI server for transparent proxy deployment), the complete URL would not be visible to SG when requests proxy through SG, in addition to not being categorized to the appropriate Web Application and/or Operation for filtering. Please be sure to implement SSL Intercept if HTTPS traffic is intended to be filtered.