Blocked Categories in G4 override all allow rules above the list
Article ID: 168307
Updated On:
Products
Web Security Service - WSS
Issue/Introduction
Web Security Service (ThreatPulse)
There is a scenario where Block Categories in the G4 policy row overrides all Allow rules above the list. This occurs only when the SSL Interception is set as Disable and the site is HTTPS; HTTP sites are not blocked.
There is a scenario where Block Categories in the G4 policy row overrides all Allow rules above the list. This occurs only when the SSL Interception is set as Disable and the site is HTTPS; HTTP sites are not blocked.
Cause
The ThreatPulse policy is not able to determine category by its URL because with HTTPS/SSL the URL is known only after the SSL handshake.
Resolution
For security reasons, this is the expected behavior.
#1
Enable SSL Interception.
#2
Remove the category from the G4/Block Categories rule and create another rule specifically to block this categories below the Allow rule for specific clients or destinations.
Note: This additional rule is different from G4 because G4 defaults to Anyone and Anywhere.
Workaround
Possible workarounds.#1
Enable SSL Interception.
Services > Network > SSL > Enable
Note: Clients must install the Entrust Root certificate to be trusted and avoid the warning prompt.#2
Remove the category from the G4/Block Categories rule and create another rule specifically to block this categories below the Allow rule for specific clients or destinations.
Note: This additional rule is different from G4 because G4 defaults to Anyone and Anywhere.
Feedback
Yes
No
Powered by
