URL filtering works even without TLS decryption. But without additional steps you will not be able to inject a response page.
Did you check the URL log when you open this BBC player website? There you should (depending on how the website is built) be able to identify the website that you need to block (with a custom URL category).
the url is:
if i go via http then it is blocked, the https version works. There are a number of URL's displayed in ther URL Filtering log, none of which are bbc/iplayer.
The block page dispplays when browsing via non-https. How can i get this blocked when going via https and still display the block page?
This one is not possible without TLS decryption because the firewall sees only the fqdn (at best, but normally with a current browser). So for example if the URL would be iplayer.bbc.co.uk then blocking without decryption would work...
ive imported a subordinate CA from our Windows Server and am now decrypting SSL, this is allowing me to block https sites as required.
Are there any drawbacks to me doing this?
It depends ...
If you are only decrypting this one connection to the bbc website, then there shouldn't be big drawbacks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!