McAfee MAP-3300-SWG Product Guide - Page 188
HTTPS Web Categorization - McAfee GTI Web Categorization, URL Blacklisting and Whitelisting
UPC - 731944547008
View all McAfee MAP-3300-SWG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 188 highlights
Overview of Web features Web Policies Table 178 Option definitions Option Definition Enable blacklist and whitelist checks for HTTPS URLs Select to compare HTTPS URLs against a list of allowed or denied URLs. HTTPS Web Categorization - McAfee GTI Web Categorization Use this page to block access to secure websites. A secure website has an address of the form: https:// www.example.com. Table 179 Option definitions Option Enable McAfee GTI web categorization for HTTPS URLs Block URLs when the action is coach Definition By default this option is enabled. The appliance is unable to read the encrypted contents of an HTTPS conversation, however it is able to use the IP address to work out whether access should be allowed to the site. By default this option is enabled. All coached sites will be blocked over HTTPS because the appliance is unable to read the encrypted contents of an HTTPS conversation so it is unable to provide the coaching functionality offered over HTTP. FAQ - Why is HTTPS access to a site not blocked, but HTTP access is blocked? It is important to understand the order in which the appliance checks HTTP access requests. The appliance looks up the URL provided by the browser. • If the site name matches a prohibited category then access to the site is blocked. • If the appliance cannot see the URL provided by the browser because it is encrypted but it can see the IP address that the browser is trying to connect to, the appliance takes this IP address and performs a DNS reverse look up to find the URL that the IP relates to. With the return from the DNS lookup the appliance will perform the same site name search as for an HTTP access request. Occasionally the site that the browser is trying to access will not have the required DNS entries. For example: • www.example.com is a known bad website • www.example.com resolves to IP address 123.123.123.124 • When doing a reverse DNS lookup for 123.123.123.124 the appliance receives either: • www.example.com - the HTTPS access can be blocked • www.anotherwebsite.com - the HTTPS access will be based on the different website name that is returned • NXDOMAIN - there is no site name to check and the appliance will do an access check based on the IP address URL Blacklisting and Whitelisting Use this page to compile lists of URLs (lists of website addresses) to which users will be denied or allowed access. This page contains the following tabs, each allowing you to define different lists: • Blacklisted URLs • Blacklisted URLs (Regex) 188 McAfee Email and Web Security Appliances 5.6.0 Product Guide