SSL Sites bypass URL Category block

Not applicable

SSL Sites bypass URL Category block

Good Day Guys and Gals

I need ideas on the following issue please! I have a block on all Social networking sites for the company. The Policy works great when the user tries to access http://plus.google.com, but when they use SSL (https://plus.google.com) the user gains full access to the site. Same goes for all other Social networking sites! How do we stop them on SSL?

Thanks in advance!

L2 Linker

Re: SSL Sites bypass URL Category block

Hi, you need SSL Proxy to unencrypt SSL and analyze the traffic. It is very easy to implement.

Regards

L6 Presenter

Re: SSL Sites bypass URL Category block

You could also block these using the URL filtering feature. URL filtering will work on encrypted or unencrypted traffic because it is making the allow/block decision using the unencrypted URL information.

-Benjamin

Not applicable

Re: SSL Sites bypass URL Category block

Good Morning Bpappas

Thank you for your reply!

I am actually using the URL filtering feature, a policy with application filtering, and the plus.google URL in a custom deny list, but still it bypasses the PA...

Any other ideas?

L6 Presenter

Re: SSL Sites bypass URL Category block

@kobus.snyders:

If that is happening I would advise you to open a case with your support provider.

-Benjamin

L5 Sessionator

Re: SSL Sites bypass URL Category block

The problem with URL filtering and HTTPS traffic is that with HTTPS you cannot actually see the GET message which URL filtering normally looks at, because it is encrypted. So URL filtering can only apply to the URL in the certificate. If that certificate does not have "plus.google.com" then URL filtering will not work on that. It seems the https://plus.google.com certificate was issued to "*.google.com". You can see a server certificate in IE by going to File > Properties and then clicking on the Certificates button.

Likely the only way you will be able to reliably identify social media sites would be to use SSL proxy decryption as others have suggested.

-Richard
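The behaviour described in the post above, as an added example that is not part of the original thread and is not PAN-OS code: a simplified model of which name a URL filter can match on for plain HTTP, HTTPS without decryption, and HTTPS with decryption. The `Session` class, the function names and the sample sessions are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed custom deny list, mirroring the one mentioned in the thread.
BLOCKED = frozenset({"plus.google.com"})

@dataclass
class Session:
    scheme: str                      # "http" or "https"
    host: str                        # host the browser actually requested
    cert_name: Optional[str] = None  # name the server certificate was issued to

def visible_name(s: Session, decrypt: bool = False) -> Optional[str]:
    """Name the filter can match on, per the model in the post above."""
    if s.scheme == "http" or decrypt:
        return s.host        # GET line / Host header is readable
    return s.cert_name       # request is encrypted; only the certificate is visible

def verdict(s: Session, decrypt: bool = False, blocked=BLOCKED) -> str:
    """Return "block" if the visible name is on the deny list, else "allow"."""
    return "block" if visible_name(s, decrypt) in blocked else "allow"

def audit(sessions, decrypt: bool = False, blocked=BLOCKED):
    """Return (scheme, host, visible name, verdict) for each session."""
    return [(s.scheme, s.host, visible_name(s, decrypt),
             verdict(s, decrypt, blocked)) for s in sessions]

# Constructed sample traffic: both HTTPS hosts present the same wildcard certificate.
SAMPLE = [
    Session("http", "plus.google.com"),
    Session("https", "plus.google.com", "*.google.com"),
    Session("https", "mail.google.com", "*.google.com"),
]

if __name__ == "__main__":
    cases = [
        ("no decryption, deny plus.google.com", False, BLOCKED),
        ("no decryption, deny *.google.com", False, frozenset({"*.google.com"})),
        ("decryption on, deny plus.google.com", True, BLOCKED),
    ]
    for label, decrypt, blocked in cases:
        print(label)
        for row in audit(SAMPLE, decrypt, blocked):
            print("  %-5s %-16s sees=%-16s -> %s" % row)
```

In this model, putting the certificate name `*.google.com` on the deny list blocks every host that presents that certificate, not only Google+, which is why the post points to decryption for a per-site decision.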

L2 Linker

Re: SSL Sites bypass URL Category block

For this specific case, shouldn't blocking the 'google-plus' application achieve the same result?

L3 Networker

Re: SSL Sites bypass URL Category block

That is not the case for me, it does block it in Chrome but not in IE or Fx? I've also added a URL filter but that didn't work either for Google+. I'm still testing but I have to have this closed by the end of the week. I may have to open a case for the Palo techs to help me out on this.

L2 Linker

Re: SSL Sites bypass URL Category block

Hi, have you tried SSL decryption? It works great with sites that use SSL/HTTPS.

L3 Networker

Re: SSL Sites bypass URL Category block

I'm nervous to turn on SSL Decryption. Is it reliable? Do I have to turn it on for all SSL traffic? I just want the URL information.

Justin
