Troubleshooting HTTPS filtering

Sometimes HTTPS filtering does not work as expected. In this case check the following.

  • Check that your Squid proxy was compiled correctly and is able to perform HTTPS flltering. The easiest way to do that is to run squid -v and ensure the –enable-ssl, –enable–sslcrtd and ‘–enable-icap-client’ are present in the compilation options.

../../_images/squid_version2.png

The UI of Web Safety shows Squid capabilities in UI / Squid Proxy / General / Version .

../../_images/squid_version_webui2.png
  • Check that your browser is set to use Squid proxy for all protocols including HTTPS(SSL).

../../_images/browser_settings2.png
  • Ensure you have configured HTTPS filtering in UI / Squid Proxy / HTTPS (SSL) / SSL Decryption Mode .

../../_images/https_filter_mode2.png
  • Check you are not using the policy (e.g. Relaxed policy) where Decrypt HTTPS / SSL Connections checkbox is cleared in UI / Web Safety / Policies / Relaxed / Advanced .

../../_images/policy_advanced2.png