When we tunnel HTTPS, why can we block a page but not show the block page?


This article applies to:

  • SWG 10.x
  • SWG 11.x

Question:

  • When we tunnel HTTPS traffic over HTTP (user browser has 8080 on all protocols), we can still block the HTTPS site request via URL cat and URL list, but the Block page does not display. Instead of a regular Block page, in Firefox we get "The proxy server is refusing connections". But we still see the Web log with the correct block reason.

    Why can we block but not show the Block page when we tunnel HTTPS?

Reply:

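This is normal browser behavior. If you look at a packet capture, you will see that SWG is sending the 403 error page correctly.

However, the browser does not render that page and shows its own error message instead. Browsers do not display the body of a 403 response returned for an HTTPS (tunneled) request, only for plain HTTP requests.

This is not an SWG issue, but a security feature in all browsers: the proxy's reply to the tunnel request arrives before any TLS session with the site exists, so the browser cannot authenticate that content as coming from the requested HTTPS site.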

You can see this in the Firefox bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=493699#c1

and in the Chrome bug system: https://code.google.com/p/chromium/issues/detail?id=62993#c1
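To confirm without a packet capture that the block page really is on the wire, you can send the tunnel request by hand and read the raw reply. The Python sketch below is an added example, not Trustwave or SWG code; the stub proxy, `probe_connect`, and the host name `blocked.example` are hypothetical, and the block page text is constructed so the script runs offline.

```python
import socket
import threading

# Constructed block page, standing in for what the gateway would send.
BLOCK_BODY = b"<html><body>Blocked by policy: URL category</body></html>"

def _stub_proxy(listener):
    """Hypothetical stand-in for the gateway: refuse one CONNECT with a 403 page."""
    conn, _ = listener.accept()
    with conn:
        buf = b""
        while b"\r\n\r\n" not in buf:      # read the full CONNECT request head
            chunk = conn.recv(4096)
            if not chunk:
                return
            buf += chunk
        conn.sendall(b"HTTP/1.1 403 Forbidden\r\n"
                     b"Content-Type: text/html\r\n"
                     b"Content-Length: %d\r\n"
                     b"Connection: close\r\n\r\n" % len(BLOCK_BODY) + BLOCK_BODY)

def probe_connect(proxy_host, proxy_port, target="blocked.example:443"):
    """Send CONNECT as a browser would; return (status_code, body) as seen on the wire."""
    with socket.create_connection((proxy_host, proxy_port), timeout=5) as s:
        s.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
        raw = b""
        try:
            while chunk := s.recv(4096):   # read until the proxy closes
                raw += chunk
        except socket.timeout:             # proxy kept the connection open
            pass
    head, _, body = raw.partition(b"\r\n\r\n")
    status = int(head.split(b"\r\n", 1)[0].split()[1])
    return status, body

def demo():
    """Run the probe against the local stub so the example works offline."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))        # any free local port
    listener.listen(1)
    threading.Thread(target=_stub_proxy, args=(listener,), daemon=True).start()
    status, body = probe_connect(*listener.getsockname())
    listener.close()
    return status, body

if __name__ == "__main__":
    status, body = demo()
    print(status, body.decode())
```

Pointing `probe_connect` at the gateway's address and port 8080 with a blocked host shows the same thing the capture does: the 403 and its HTML body are delivered, and it is the browser that declines to render them.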

 


Last Modified 7/28/2013.
https://support.trustwave.com/kb/KnowledgebaseArticle16021.aspx