Overview
This article addresses an issue where GFI WebMonitor does not control HTTPS traffic adequately.
Note: GFI WebMonitor does control the initial access of the HTTP site through the Always Blocked and Web Filtering policies without enabling HTTPS Scanning. However, once the HTTPS connection is established, it cannot scan any of the files transferred within the encrypted tunnel.
Environment
- GFI WebMonitor Stand-alone proxy version
- All supported environments
Root Cause
HTTPS Monitoring is not enabled.
IMPORTANT: Make sure that by enabling HTTPS Scanning, you are not violating any legal and compliance regulations in your jurisdiction.
Resolution
This issue can be addressed as follow, depending on the GFI WebMonitor version you are running:
GFI WebMonitor 2013
- Navigate to Settings > Proxy Settings > HTTPS.
- Click on the Launch Wizard button, as shown below:
- Once the wizard is complete, HTTPS Scanning will be enabled with the options you select.
GFI WebMonitor 2015 or Newer
- Navigate to Settings > Core Settings > HTTPs Scanning.
- Toggle the ON button and click Save, as shown below:
Note: Make sure that you have the certificates installed on the computers using GFI WebMonitor Proxy.