HTTPS decrypt and scan - not identifying embedded URLs

Question

Hi folks, 
 a question about decrypt and scan that has me puzzled for sometime. 
 The users have the XG certificate installed and functioning correctly except for Apple sites. 
 I have web policies blocking advertisements and use the XG proxy, this functions correctly for sites that overtly advertising, but not for embedded advertisements. 
 Why aren't the embedded advertisement URLs identified and classified then blocked? 
 
 Ian

Michael Dunn · Accepted Answer

I just tested. The only thing in my test policy is block Advertisements. I have no top or side advertisements. If I look at the Log Viewer, filtering for that category: Double check your web policy and your exceptions. For example if you have "Allow image files" before "Block Advertisements" then some of those might be allowed. Of if you have an exception for googlesyndication.com then all the ads from that will be allowed.

Michael Dunn · Answer

Web > Exceptions > Apple Update. By default, apple.com and a few other sites are not HTTPS decrypted or have any policy enforced. If the "embedded advertising" urls come from apple domains they will not be blocked. If you know the URL you can also look in Log Viewer (which should tell you the policy, exceptions, and decision) as well as Policy Tester.

Michael Dunn · Answer

If the page displaying the ad causes a http/s request to a site that is categorized as advertising then that request should be blocked. If the page displaying the ad causes a http/s request to an site that is in an exception then that request will be allowed and the ad displayed. If the page displaying the ad has the ad embedded in its own html then the ad is displayed. My point is rather than saying "why am I seeing ads" you have to say "why is the request to site x being allowed". You need to look at what is actually going on in the html and http requests. >Why aren't the embedded advertisement URLs identified and classified then blocked? What are the URLs? What does Log Viewer say that it did about those URLs? What does Policy Tester say that should be done about them?

HTTPS decrypt and scan - not identifying embedded URLs

Top Replies