ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Proxy's disable SSL interception for URL path but still SSL intercepts the main URL domain.

book

Article ID: 226948

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

There is a requirement to disable SSL interception only for the URL path and not the main domain.

For example, to disable SSL interception for "www.google.com/maps" but not "www.google.com".

Resolution

Unfortunately the requirement to just bypass SSL interception for a path but still would like to SSL intercepts the main domain would not be possible with the current design of the proxy. Whenever an HTTPS request been sent in explicit proxy, the proxy will only see the main domain in that CONNECT request before it proceed with the rest of processes like policy evaluation which includes on whether to SSL intercepts the request or not. So in order for the proxy to 'see' the path, it would need to SSL intercepts the request first and only then it would only be able to 'see' the path.

In this case, in order for the proxy to see the path - "www.google.com/maps", the proxy would need to SSL intercepts first and only then it would be able to see the path - "maps" but at this stage, the request had already been SSL intercepted. Disabling protocol detection for www.google.com/maps under the Web Access Layer or Proxy layer will not help as well even though the policy trace did show that the request did match the rule but still proxy will still SSL intercepts the request.

The only option for this is to disable SSL interception based on the main domain which is www.google.com and currently we do not support doing it for a path.