ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

When the "Enable SSL interception with automatic protocol detection" SSL interception option is selected in SGOS 6, why is a URL with a path like denied?


Article ID: 168702


Updated On:


ProxySG Software - SGOS


When performing SSL interception, two of the available options are:

  • Enable HTTPS interception

  • Enable SSL interception with automatic protocol detection

If you would like to allow, and at the same time deny, select the second option above, and use the following policy:
    ssl.forward_proxy(yes) detect_protocol(all) ssl.forward_proxy.issuer_keyring(default)

    ALLOW server_url.domain=//
    DENY url.domain=//

The URL will be denied.

However if you select the first option ("Enable HTTPS interception") and use the policy above, browsing to will be allowed, which is expected.


The reason is, when you select the second option, the ProxySG appliance will use this URL:

​first to evaluate against the policy, before sending the actual URL:
When you select the first option ("Enable HTTPS interception"), the actual URL request: was sent first to evaluate the policy.