Exclude Domains from HTTPS Filtering

If you need to add exclusions from HTTPS filtering, click the UI / Squid Proxy / Exclusions add as many exclusions as desired. Please note, these exclusions work only when browsers are configured to use Squid proxy explicitly. If you have an invisible intercept proxy then these exclusions need to be managed by your firewall. The following screenshot shows default exclusions of the application.

../../_images/https_exclusions11.png

The following exclusion types are supported:

  • Exclusion by remote domain name
  • Exclusion by IP address, subnet or IP range of the remote domain
  • Exclusion by IP address, subnet or IP range of the proxy user
  • Exclusion by time schedule and browser user agent
  • Exclusion by assigned categories of a domain name

The last type of exclusions is very useful to automatically exclude financial institutions and government sites from HTTPS inspection and SSL filtering. The following screenshot shows default excluded categories.

../../_images/https_exclude_by_category11.png