search cancel

Proxy's disable SSL interception for URL path but still SSL intercepts the main URL domain.


Article ID: 226948


Updated On:


ProxySG Software - SGOS


There is a requirement to disable SSL interception only for the URL path and not the main domain.

For example, to disable SSL interception for "" but not "".


Unfortunately the requirement to just bypass SSL interception for a path but still would like to SSL intercepts the main domain would not be possible with the current design of the proxy. Whenever an HTTPS request been sent in explicit proxy, the proxy will only see the main domain in that CONNECT request before it proceed with the rest of processes like policy evaluation which includes on whether to SSL intercepts the request or not. So in order for the proxy to 'see' the path, it would need to SSL intercepts the request first and only then it would only be able to 'see' the path.

In this case, in order for the proxy to see the path - "", the proxy would need to SSL intercepts first and only then it would be able to see the path - "maps" but at this stage, the request had already been SSL intercepted. Disabling protocol detection for under the Web Access Layer or Proxy layer will not help as well even though the policy trace did show that the request did match the rule but still proxy will still SSL intercepts the request.

The only option for this is to disable SSL interception based on the main domain which is and currently we do not support doing it for a path.