This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website Management - Browser Variation

I have blocked some URLs by categorising them using a blocked category but that are not working across different browsers.

The URLs are correctly blocked by Edge and Firefox.but Google Chrome allows access.

I've not come across this problem before. Any ideas what is happening?

TIA

MisterBoo



This thread was automatically locked due to age.
Parents Reply Children
  • Sorry for the delay.

    I suspect the problem is related to the browser forcing HTTPS.  How to Stop Chrome from Automatically Redirecting to https - Howchoo this was the first link Google found for me about this feature.

    The Sophos client proxy (swi_fc.exe) that the traffic is routed through from the browser process does not decrypt traffic.  Because of this, if the traffic is HTTP, then it gets to see the entire URL and headers etc.  In the case of HTTPS, it is only able to see the domain name from the SNI (part of the TLS client hello handshake), as a result it will block sites visited via HTTPS based on categories for the domains seen but not for specific URLs.

    C:\ProgramData\Sophos\Web Control\Policy\ contains the policy fragments for the web control policy, in this case the EP has the following defined:

     Policy.localsitelist[#Policy.localsitelist + 1] = {['rule_id']='LSL_1',['category']='9',['domain']='spark.adobe.com',['path']='page/59pE4SzohUVP6/'}

    So the domain and path is split.  Given the implementation, the path part could never be seen by swi_fc.exe over HTTPS which has to be the issue.  

    I assume if you explicitly request it with the HTTP protocol from Chrome it will work and why the browser behaviour is different.

    The replacement web protection/control component that is about to be released to EAP does inspect all the traffic so I would think it would work then.

  • Thank you for taking the time to investigate and respond.

    I've been back through a few other URLs that are "blocked" in the same way and that bears out what you have said.