Configuring HTTPS Proxy settings
Enable HTTPSHypertext Transfer Protocol over Secure Socket Layer (SSL). Scanning to monitor and block traffic within encrypted streams (URLs starting with https://). This prevents threats from malicious content that may be present in HTTPS sites or downloads. GFI WebMonitor does not read or display any encrypted contents.
This feature is not available for GFI WebMonitor installed as a plug-in for Microsoft Forefront TMGMicrosoft Forefront Threat Management Gateway. A Microsoft product that provides firewall and web proxy services. It also enables administrators to manage Internet access through policies. It is the successor of the Microsoft ISA Server and is part of the Microsoft Forefront line of business security software..
To configure HTTPS Scanning settings:
1. Go to Settings > Core Settings > HTTPS Scanning.
2. Click the HTTPS Scanning switch to turn on.
3. In the Current Certificate area, view relevant information of the currently used certificate. GFI WebMonitor needs a valid certificate to inspect HTTPS traffic. If no certificate is currently enabled, consult the following sections that show you how to work with certificates:
- Creating a new HTTPS Scanning certificate
- Import an existing HTTPS Scanning certificate
- Export an HTTPS Scanning certificate
4. Click the Display Warning switch to display a warning page to users before GFI WebMonitor starts decrypting and inspecting HTTPS traffic.
5. Click the Block Non-Validated switch to start blocking HTTPS websites with certificates that are not yet validated.
6. Click the Block Expired switch to block pages that contain expired certificates.
7. Use the Accept up to 'x' days after expiry field to accept websites whose certificate has expired by a number of days.
8. Click the Block Revoked switch to block websites with revoked certificates.
Ensure that by enabling HTTPS Scanning you are not violating any laws in your jurisdiction or any compliance regulations for your industry.
It is recommended that any HTTPS website that would be inappropriate for GFI WebMonitor to decrypt and inspect is added to the HTTPS scanning exclusion list. For more information refer to Adding Items to the HTTPS Scanning Exclusion List.