GFI WebMonitor can control HTTPS traffic based on Web Filtering Policies on the initial connect request.
This means that if the user tries to access the initial site by going to or clicking on a link to https://<Site_Name> and that site violates a filtering policy, the connection attempt will be blocked.
However, once a user connects to an HTTPS site successfully, it establishes an encrypted tunnel with the site. If the encrypted site then pulls content from another site that violates a policy, it will not be blocked since GFI WebMonitor cannot read the encrypted contents.
To allow access to an HTTPS site that is blocked, you can add the Full URL to the Always Allowed list.
- Adding the full URL https://examplewebpage.com will allow connections to https://example.examplewebpage.com only.
- The global * character will not work with HTTPS (although the UI will allow the addition).
- Adding https://*.examplewebpage.com will not allow the connection.
- Adding https://*.com will not allow the connection to https://example.examplewebpage.com.
- Adding https://*.* will not allow all HTTPS traffic.
- When HTTPS connections are blocked, the user does not see the normal GFI WebMonitor blocking message. Instead, they will receive the standard browser error that the Page cannot be displayed.
- If you block or quarantine all other files in the Download Control Policy for the user(s), it will block most HTTPS connections.
- It may be illegal for you to block or control HTTPS traffic with a program like WebMonitor. Please check any legal or compliance regulations within your local jurisdiction before enabling any HTTPS blocking features.