This article applies to:
- WF/WFR at version 4.1 or 4.2
Question:
- I believe the web filter is set up correctly so why are end users able to access sites like facebook.com and twitter.com using https?
Procedure:
This may be an indication that unwanted Ip's are in a category somewhere or your HTTPS setting is not configured correctly. You can verify the mandatory setting in the Gui by clicking System > Control > Filter.
HTTPS filtering level should be set to Medium with forward lookup to validate qualified DNS checked (see below). Unchecking, the forward lookup to validate qualified DNS will still allow https://facebookcom or twitter.com.
If HTTPS filtering level is already set to medium with forward lookup to qualified DNS checked, please run a library lookup on the 2 domains and verfiy no Ip addresses are in the results. If you find an ip addresses they must be removed. See which custom category has them and remove them.
To fix: In the Gui go to Library> category groups> Custom Categories> category name>URLs>Upload master. When uploading master URL Lists for custom categories the WF will first validate the URL list and then it will ask if you would like to upload the file with IP lookup or without IP lookup.
The recommended Choice is to upload the file without IP lookup. If you choose to use IP lookup enabled, any ip addresses belonging to facebook or twitter and the category is not set to block, the filter will not block connection to the sites in question when using https
if you still have problems call tech support 713-682-1400