ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Report logs shows Allowed for blocked categories

book

Article ID: 172305

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

In the report logs, a category which is supposed to be blocked is 'Allowed' with the scheme as 'tcp ://'

 

Resolution

In the report logs, if you could see the allowed requests are with 'tcp://' scheme. These are the initial TCP hand-shake request that hits the proxy when the user tries to access any HTTPS site. The proxy will detect the protocol and then pass the request to SSL proxy (ssl:// scheme) and once SSL interception is completed you will see https://

The tcp:// requests will be 'Allowed' to always complete protocol detection and SSL interception. At this stage (tcp://), the proxy is not sending the request out to the internet. It is only trying to detect the underlying protocol and complete the interception.

Attachments