Related Topics

HTTPS-Proxy: WebBlocker

You can associate a WebBlocker configuration with your HTTPS-proxy policy to allow or deny web sites based on WebBlocker categories. In the proxy action, you select the WebBlocker configuration that defines the content categories you want to deny. If content inspection is enabled in the proxy action, you can also choose to inspect content for specific allowed WebBlocker categories. The HTTPS proxy does not inspect content that does not match the categories you select to inspect in the proxy action.

The Domain Names rules take precedence over WebBlocker actions. WebBlocker checks only occur when there is no Domain Rule match and the action to take if no rule is matched is Allow. For more information about Domain Names rules, see HTTPS-Proxy: Domain Names.

In Fireware OS v11.9.3 and lower, the ability to allow or deny sites based on your WebBlocker configuration applies only to traffic that is not content inspected.

HTTPS Proxy and Deny Messages

If you enable WebBlocker in an HTTPS proxy action, but do not enable content inspection, the Firebox uses the website certificate to identify it and decide whether to allow or deny access. Without content inspection, the HTTPS proxy action cannot selectively modify or strip website content, and users do not see a deny message when content is denied by WebBlocker. There is also no option for the user to type a WebBlocker local override passphrase.

To enable the HTTPS proxy action to decrypt the client connection and selectively modify or strip site content, enable content inspection in the HTTPS proxy. With content inspection enabled, the Firebox displays a deny message to the user when content is denied by WebBlocker or any other proxy scanning actions.

For more information about Content Inspection, see HTTPS-Proxy: Content Inspection.

Configure WebBlocker in the HTTPS Proxy Action

For more information about WebBlocker, see About WebBlocker.

See Also

About Proxy Policies and ALGs

About the HTTPS-Proxy

Give Us Feedback     Get Support     All Product Documentation     Technical Search