Can I use Web Filter to block HTTPS/SSL sites?

Yes! However, filtering is not as granular as when using the SSL Inspector app.

When a website is accessed via HTTPS most of the content is encrypted, so the Untangle cannot view this data or filter by it. There is one portion that is not encrypted, which is the Server Name Indication (SNI). SNI is an extension of the TLS networking protocol that indicates which hostname (domain) the client is attempting to access. Using this information, Untangle can then filter web traffic.

The drawback is that Untangle cannot see the entire URL; only the domain. For that reason Untangle loses granularity in the filtering of that traffic. All traffic to a domain is treated the same, regardless of content.

The SNI settings on Untangle can be found under Web Filter > the Advanced tab. These settings are enabled by default.

webfilter_SNI.png

Follow
Was this article helpful?
0 out of 3 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk