HTTPS Content Inspection Exception List Management

Given that WG can update the HTTPS Content Inspection Exception List at any/every version update, there should be a way for us to set up a global list to be used by our HTTPS proxies instead of having to modify each and every one of our HTTPS proxies in order to remove an entry from the WG Content Inspection Exception List.

Gregg brought up that could be used by potential bad actors, and that if a XTM site is not using Zoom or Asana, that site might want to unselect the * entry in every HTTPS proxy action.
Not a pleasant task for a site with many HTTPS policies/proxy actions.


  • edited July 6

    I have not looked in that part of the HTTPS Proxy for a long time. That list is now HUGE! My count for 2.4.1 U2 is 205 exceptions. I agree that * and * are poor choices for exception - in fact, I would like to see more research work done so that we don't need all these exceptions. Exceptions mean that the content is not scanned and the protection offered by the Firebox is reduced significantly. Nasty business this one..

    Adrian from Australia

  • Ricardo_ArroyoRicardo_Arroyo WatchGuard Representative

    Good morning. I just wanted to let you know, we heard you and are looking into solutions to address your needs. In addition, we've initiated a review of the items listed in the HTTPS Content Inspection Exception List. If there is any functionality or behavior that should change, please feel free to provide feedback. For example, if you feel having those exceptions listed but not automatically enabled would be useful, that is something we can change. Enjoy!

    Ricardo Arroyo | Sr. Technical Product Manager / ThreatSync Guru
    WatchGuard Technologies, Inc.

  • Yes, having those exceptions listed but not automatically enabled would be useful.

    Gregg Hill

    Firebox T15/T35-W
    Fireware 12.5.1 build 601804
    WSM 12.5.1 build 601717
    ISP = Spectrum Cable 100 x 10 service
    Management computers: Win 8.1 Pro 64-bit, Win 10 Pro 64-bit, Server 2012 R2

Sign In to comment.