Logging of HTTPS websites in WSA

dkorell
Level 1

Currently I have all HTTPS decryption using passthrough and when I look at the web tracking on the WSA it only shows the IP address. My understanding of this is since the traffic isn't being decrypted it can't get the web address. But if I look in the access logs I do see the web address. Can anyone shed some light on how this works?

Erik Dahle
Level 1

I guess you're running in explicit mode?

There are a few differences between explicit and transparent client HTTP requests:

1. An explicit request has a destination IP address of the configured proxy. A transparent request has a destination IP address of the intended web server (DNS resolved by the client).

2. The URI for a transparent request does not contain the protocol with the host:

Transparent: GET / HTTP/1.1
Explicit: GET http://www.google.com/ HTTP/1.1

Both will contain an HTTP Host header that specifies the DNS host.

So when in explicit mode, the proxy will actually see the destination URL, even when you pass through the request.
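
Added example, not part of the reply above and not Cisco code: a small parser that classifies a request head by the two styles described in the reply and reports which destination host is readable in cleartext. It goes one step beyond the thread by also handling the CONNECT form, which is how standard HTTP clients ask an explicit proxy for an HTTPS tunnel; the function name, the style labels and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

def proxy_view(raw_request: bytes) -> dict:
    """Report the request style and the destination host a proxy can read
    from the cleartext request head alone (no TLS decryption involved)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, _version = parts

    # Both styles carry a Host header; pick it up for the fallback case.
    host_header = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host_header = value.strip()
            break

    if method.upper() == "CONNECT":
        # Tunnel request sent to the proxy: the target is "host:port".
        style, host = "explicit-connect", urlsplit("//" + target).hostname
    elif "://" in target:
        # Absolute URI: protocol and host are part of the request line.
        style, host = "explicit", urlsplit(target).hostname
    else:
        # Path only: the request line has no host, so use the Host header.
        style = "transparent"
        host = urlsplit("//" + host_header).hostname if host_header else None
    return {"style": style, "host": host, "target": target}

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "transparent": b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n",
    "explicit": b"GET http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n",
    "explicit-connect": b"CONNECT www.google.com:443 HTTP/1.1\r\nHost: www.google.com:443\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, proxy_view(raw))
```

In the CONNECT case the hostname is available before any TLS bytes are exchanged, so reading it requires no decryption.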