Censornet - internet filtering on your terms

HTTPS Allow All

July 15, 2011 • Customer Services       

Synopsis

Article

By default, the CensorNet blocks all access to HTTPS sites. This is because there are a lot of false proxies out there that use HTTPS and if you can reach those as a user, you can bypass the CensorNet's filtering.

Valid HTTPS sites that you wish to permit can then be allowed by adding them to a category in the Custom URL Filter and setting that category to Allow in your policies.

If, however, you really feel you need to grant access to all HTTPS sites, perform the following steps :-

1. Create a Custom URL category.
2. Add the entry :443 to the category.
3. Make this category active in all policies where you are permitting unlimited access to HTTPS sites.

Warning: Once you do this, access to all HTTPS sites will be open. If users should find one of the false proxy sites, they will be able to circumvent any other filtering that is still active on your CensorNet. Please consider the safer alternative outlined below.

Instead of the above workaround, which works but opens you up to all kinds of security issues, ensure you are on a recent version of CensorNet Professional v4 and configure it so that SSL Intercept Mode is enabled.

Before doing this, you should read the SSL Certificate Installation Guide and after you have configured that, you should either delete all Custom URL entries containing :443 or, if they are all in one, or just a few, categories, mark that category as ignore in your policies.

The upshot of all of this is that now you will now be able to visit HTTPS sites without suffering a warning every time you hit a new one, but the CensorNet will be filtering all of the URLs and so you are not open to the security alerts. Indeed, our false proxy real time rater is likely to catch many of these sites, if they are not already classified.

Note: If you are using the CensorNet in in-line (transparant proxy) mode, then SSL Intercept Mode is enabled by default.

Related articles