Https Bypass

	Forums Register Login My Profile Inbox Address Book My Subscription My Forums Member List Search FAQ Ticket List Log Out

Https Bypass

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> [Content Security] >> GFI WebMonitor for ISA Server >> Https Bypass

Page: [1]

Message

<< Older Topic Newer Topic >>

Https Bypass - 29.Jul.2008 4:15:57 PM

enver

Posts: 2
Joined: 2.Jun.2008
Status: offline

Hi, does GFI not monitor https traffic. It has been reported to me that users are able to access Facebook by going to https://www.facebook.com although we have blocked "Social Networking/Dating" sites.

Post #: 1

RE: Https Bypass - 29.Jul.2008 4:27:42 PM

DrewE

Posts: 476
Joined: 28.Apr.2008
From: Cary, NC
Status: offline

HTTPS (secure) traffic is not filtered by GFI WebMonitor. Performing any type of 'remote monitoring' in this manner breaks the encryption and trust that is generated between a clients machine and the remote web server. In order to effectively filter this type of traffic it is recommended that you create a URL ruleset within the ISA server and block access to this type of https:// traffic to the specific URLs you specify.

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to enver)

Post #: 2

RE: Https Bypass - 31.Jul.2008 9:21:08 AM

joestern

Posts: 236
Joined: 18.Sep.2003
From: Philadelphia, PA
Status: offline

You should also look into Cleartunnel, which we use to make SSL traffic visible to WebMonitor.

(in reply to DrewE)

Post #: 3

RE: Https Bypass - 31.Jul.2008 9:43:05 AM

DrewE

Posts: 476
Joined: 28.Apr.2008
From: Cary, NC
Status: offline

In my initial testing with ClearTunnel's software, it did not successfully allow WebMonitor to filter HTTPS traffic. Are you able to get this product to work in that regard?

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to joestern)

Post #: 4

RE: Https Bypass - 1.Aug.2008 8:31:29 AM

joestern

Posts: 236
Joined: 18.Sep.2003
From: Philadelphia, PA
Status: offline

Drew -

Using ClearTunnel 1.2.x with ISA 2006, we can definitely see all the https traffic exposed in ISA when when we monitor it, so webmon should see it too. Webmon also successfully blocks downloads of eicar test files from https://www.collectivesoftware.com/Test/index.html

There's a useful article by Thomas Shinder at http://isaserver.org/tutorials/Product-Review-Collective-Software-ClearTunnel.html - this is what put us onto the product in the first place.

I'd consider it a required component, along with WebMonitor, for ISA users.

(in reply to DrewE)

Post #: 5

RE: Https Bypass - 1.Aug.2008 8:55:08 AM

DrewE

Posts: 476
Joined: 28.Apr.2008
From: Cary, NC
Status: offline

Do you also use the webgrade database to block access to specific categories of websites? Does ClearTunnel allow this functionality to continue?

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to joestern)

Post #: 6

RE: Https Bypass - 1.Aug.2008 8:56:40 AM

joestern

Posts: 236
Joined: 18.Sep.2003
From: Philadelphia, PA
Status: offline

No, we don't use the webgrade database. We use the free OpenDNS service to filter out the bad stuff.

(in reply to DrewE)

Post #: 7

Page: [1]

All Forums >> [Content Security] >> GFI WebMonitor for ISA Server >> Https Bypass

Page: [1]

Jump to:

New Messages	No New Messages
Hot Topic w/ New Messages	Hot Topic w/o New Messages
Locked w/ New Messages	Locked w/o New Messages

Post New Thread

Reply to Message

Post New Poll

Submit Vote

Delete My Own Post

Delete My Own Thread

Rate Posts

© 2008. All rights reserved. GFI Software	Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: Exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software