is allowed through the ProxySG though there is a policy to Deny Audio/Video Clips Category


Article ID: 168529


Updated On:


ProxySG Software - SGOS


The ProxySG is in transparent mode, port 443 is intercepted as TCP Tunnel or SSL, and a policy has been made to Deny access to Audio/Video Clips Category, but users still have access to

Filtering for other HTTPS sites is working as is categorized as Social Networking and being blocked by the ProxySG.


Intercepting SSL traffic as TCP Tunnel or SSL without having an explicit SSL Intercept Layer will not reveal the URL to which the client is going. The ProxySG only sees SSL request or TCP connect to specific IP address.

The BCWF database or any other web filter database can contain some entries for specific IP’s so these IP’s will be categorized correctly.

If these IP’s are not categorized, then the ProxySG most likely will allow this connection based on the configured policy.

For, a policy trace may contain the following requests:

and other SSL requests to other IP’s

These IP addresses are categorized as Search Engines as these IP addresses represent also, and then these servers (Google servers) will redirect the request for YouTube webpage to the YouTube server based on the URL embedded on the encrypted connection.

SSL Intercept Layer must be in place to be able to read the exact URL of YouTube and then be able to block it as an Audio/Video Clips site.