Cisco Cisco Web Security Appliance S190 Guía Del Usuario
C H A P T E R
11-1
Cisco IronPort AsyncOS 7.7 for Web User Guide
11
Processing HTTPS Traffic
•
•
•
•
•
•
•
•
•
•
•
•
Overview of Processing HTTPS Traffic
HTTPS traffic is encrypted. The Web Proxy can pass through encrypted HTTPS traffic, serving as a
“man in the middle”, but unless the content is decrypted, the web proxy cannot apply the content-based
rules contained within access policies, for example, it cannot block executable files or scan for malware.
The HTTPS proxy can decrypt HTTPS traffic and pass it to access policies for the application of
content-based policies. The web proxy then applies access policies to the decrypted HTTPS content.
“man in the middle”, but unless the content is decrypted, the web proxy cannot apply the content-based
rules contained within access policies, for example, it cannot block executable files or scan for malware.
The HTTPS proxy can decrypt HTTPS traffic and pass it to access policies for the application of
content-based policies. The web proxy then applies access policies to the decrypted HTTPS content.
When the HTTPS proxy is enabled, HTTPS-specific rules in access policies, for example, “block HTTPS
traffic”, are disabled. The web proxy processes decrypted HTTPS traffic using rules for HTTP.
traffic”, are disabled. The web proxy processes decrypted HTTPS traffic using rules for HTTP.
Decryption policies specify which HTTPS connections to monitor, drop, pass through, or decrypt.
Note
Handle personally identifiable information with care: If you choose to decrypt an end-user’s HTTPS
session, the Web Security appliance access logs and reports may contain personally identifiable
information. Cisco recommends that Web Security appliance administrators take care when handling this
sensitive information.
You can configure how much URI text is stored in the logs using the
session, the Web Security appliance access logs and reports may contain personally identifiable
information. Cisco recommends that Web Security appliance administrators take care when handling this
sensitive information.
You can configure how much URI text is stored in the logs using the
advancedproxyconfig
CLI
command and the
HTTPS
subcommand. You can log the entire URI, or a partial form of the URI with the