Adding HTTPS Exceptions Parent topic

Deep Edge closes HTTPS security loopholes by decrypting and inspecting all encrypted traffic. administrators can allow clients to access all HTTPS traffic for specified URL categories or source IP addresses by adding them to the HTTPS Inspection exception list. While decrypted, data is treated the same way as HTTP traffic to which URL filtering and scanning rules are applied. Decrypted data remains completely secure in the Deep Edge server's memory. Before leaving the Deep Edge server, data is encrypted for secure passage to the client's browser.
For traffic filtering, Deep Edge first queries URL categories according to the hostname from the local pattern or local cache. If the category is not in the local pattern or local cache, then this connection is not decrypted. To determine whether or not to decrypt traffic, another thread will issue a Trend Micro URL Filtering Engine (TMUFE) query at the same time and put the result into local cache. When a user accesses the same site in the future, Deep Edge matches the decryption policy with the category queried to the local cache.

Procedure

  1. Go to PoliciesHTTPS InspectionGeneral Settings.
  2. Select Enable HTTPS Traffic Inspection.
  3. Under URL Category Exceptions, search or specify specific URL categories to allow. For a full description of available URL categories, see About URL Category Objects.
  4. Under Server Host Name Exceptions, click Allow or Block Hosts to update the approved or block URLs.
    The Approve/Block URLs screen appears. For details about managing approved and blocked URLs, see About Approved/Blocked URLs.
  5. Under Source Address Exceptions, click Add New to specify an IP address that all clients can access using an HTTPS connection.
    The Add/Edit window appears.
  6. Specify the name, protocol, and all IP addresses to allow, and then click OK.
    The new source is added to the list.
  7. Select the new source address that Deep Edge will not inspect.
  8. Click OK.
    Now, all HTTPS traffic for the specified URL categories, servers, or source addresses will not be inspected.