09-17-2013 05:42 AM
Hi,
We have a WSA s370 with AsyncOS version 7.5.1-079 and it is configured as a transparent proxy.
HTTPS proxy is enabled and all the URL categories are set to pass through (no decrypting or monitoring).
Seems like the WSA does not generate logs for HTTPS transactions.
I would like to know whether this is the expected behaviour.
Is there any way that I can monitor HTTPS transactions without decrypting?
Thanks,
Wipula.
09-17-2013 12:39 PM
HTTPS transactions end up in the ACCESS log along with the HTTP traffic.
09-17-2013 08:07 PM
In addition to what Ken mentioned, the only way you can monitor HTTPS traffic without decrypting it is by using the IP address.
In the access logs, you will see the following transaction when accessing an HTTPS site (Google, for example):
TCP_CONNECT 74.125.101.50
It will only report URLs once decrypted. At that point, it is just HTTP.
-Vance
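Since pass-through HTTPS appears in the access log only as a TCP_CONNECT entry with a destination IP, a per-destination summary is the most the log can offer without decryption. The following is an added example, not part of the thread and not Cisco code: the sample lines are constructed, and their Squid-style field layout is an assumption, so adjust the pattern to your own log format.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumed layout (Squid-style):
#   epoch elapsed client result/status bytes method target ...
# Only the "TCP_CONNECT <ip>" pair itself comes from the thread.
SAMPLE_LOG = """\
1379419620.101 212 10.1.1.20 TCP_MISS/200 5120 TCP_CONNECT 74.125.101.50:443 - DIRECT/74.125.101.50 -
1379419621.350 98 10.1.1.20 TCP_MISS/200 1024 GET http://example.com/index.html - DIRECT/example.com text/html
1379419625.007 305 10.1.1.31 TCP_MISS/200 8800 TCP_CONNECT 74.125.101.50:443 - DIRECT/74.125.101.50 -
1379419630.442 150 10.1.1.31 TCP_MISS/200 2048 TCP_CONNECT 203.0.113.9 - DIRECT/203.0.113.9 -
this line is truncated
"""

# The destination is an IP literal, optionally followed by ":port".
CONNECT_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+(?P<bytes>\d+)\s+"
    r"TCP_CONNECT\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d+))?(?:\s|$)"
)


def summarize_connects(log_text):
    """Return {dest_ip: {"clients": set, "count": int, "bytes": int}}.

    Lines that are not TCP_CONNECT entries (plain HTTP, malformed or
    truncated lines) are skipped rather than raising.
    """
    summary = defaultdict(lambda: {"clients": set(), "count": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m is None:
            continue
        entry = summary[m.group("dst")]
        entry["clients"].add(m.group("client"))
        entry["count"] += 1
        entry["bytes"] += int(m.group("bytes"))
    return dict(summary)


if __name__ == "__main__":
    result = summarize_connects(SAMPLE_LOG)
    # Busiest pass-through destinations first.
    for dst, info in sorted(result.items(), key=lambda kv: -kv[1]["count"]):
        clients = ", ".join(sorted(info["clients"]))
        print(f"{dst}: {info['count']} tunnels, {info['bytes']} bytes, clients: {clients}")
```

The destination IPs can then be resolved with reverse DNS or matched against known address ranges, since the log itself carries no hostname or URL for pass-through traffic.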