Web Blocker Deny Message Doesn't show on HTTPS sites
Hi, I used WatchGuard Web Blocker for the first time and I have just an inquiry regarding the deny messages being shown when accessing websites that must be blocked by the FW.
When I try accessing facebook using http, my customized deny message is being displayed. However, when accessing it via https, which is the usual way of accessing websites, it denies my access to it but no deny message is being shown.
Can anyone help me regarding this one? Thank you.
0
Sign In to comment.
Comments
A HTTPS session is encrypted between the web client and the web server, so there is no way for the firewall to send a deny message to the web client.
To do this, you need to implement HTTPS Inspect, where the session is encrypted between the web client and the firewall, the content is inspected, and then there is a session between the firewall and the web server.
Then if there is a Web Blocker setting in the HTTP proxy action specified on the HTTPS proxy action, that will be applied as part of the Inspect, and a WB deny message can be sent back to the web client.
HTTPS Inspect requires a certificates from the firewall to be installed on the web browser or the PC.
Review this:
HTTPS-Proxy: Content Inspection
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/https/https_proxy_contentinspection_c.html