WSA access logging for HTTPS traffic

wkw.bcdomain
Level 1

Hi,

We have a WSA s370 with AsyncOS version 7.5.1-079 and it is configured as a transparent proxy.

HTTPS proxy is enabled and all the URL categories are set to pass through (no decrypting or monitoring).

Seems like the WSA does not generate logs for HTTPS transactions.

I would like to know whether this is the expected behaviour.

Is there any way that I can monitor HTTPS transactions without decrypting?

Thanks,

Wipula.

Accepted Solutions

Vance Kwan
Cisco Employee

In addition to what Ken mentioned, the only way you can monitor HTTPS traffic without decrypting it is by using the IP address.

In the access logs, you will see the following transaction when accessing an HTTPS site (Google, for example):

TCP_CONNECT 74.125.101.50

It will only report URLs once decrypted. At that point, it is just HTTP.

-Vance
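
The following is an added example, not part of the original post and not Cisco code: one way to summarize pass-through HTTPS by destination IP from access log lines carrying the `TCP_CONNECT` entry described above. The squid-style field layout and the `tunnel://` target form in the sample lines are assumptions, the lines themselves are constructed, and `passthrough_summary` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines. The squid-style layout (timestamp, elapsed ms,
# client IP, result/status, bytes, method, target, ...) is an assumption; the
# post itself only shows the "TCP_CONNECT 74.125.101.50" fragment.
SAMPLE_LOG = """\
1340000000.101 95 10.1.1.20 TCP_CONNECT/200 8187 TCP_CONNECT tunnel://74.125.101.50:443/ - DIRECT/74.125.101.50 -
1340000001.220 40 10.1.1.20 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/www.example.com text/html
1340000002.315 88 10.1.1.31 TCP_CONNECT/200 2048 TCP_CONNECT tunnel://74.125.101.50:443/ - DIRECT/74.125.101.50 -
1340000003.007 61 10.1.1.31 TCP_CONNECT/200 1024 TCP_CONNECT tunnel://192.0.2.44:443/ - DIRECT/192.0.2.44 -
1340000004.500 12 10.1.1.31 TCP_CONNECT/200 10 TCP_CONNECT tunnel://999.1.1.1:443/ - DIRECT/999.1.1.1 -
"""

# Method token "TCP_CONNECT" followed by the destination, with or without a
# tunnel:// prefix, so the bare form quoted in the post matches as well.
# "TCP_CONNECT/200" (the result code field) is not followed by whitespace
# and therefore never matches.
CONNECT_RE = re.compile(
    r"(?:^|\s)TCP_CONNECT\s+(?:tunnel://)?(\d{1,3}(?:\.\d{1,3}){3})\b"
)


def passthrough_summary(log_text):
    """Return {dest_ip: Counter(client_ip -> connections)} for tunnelled HTTPS."""
    summary = {}
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue  # not a tunnelled HTTPS transaction
        try:
            dest = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # malformed address: skip rather than miscount
        fields = line.split()
        # Assumed position of the client IP (third field of a full line).
        client = fields[2] if len(fields) > 2 else "unknown"
        summary.setdefault(dest, Counter())[client] += 1
    return summary


if __name__ == "__main__":
    for dest, clients in sorted(passthrough_summary(SAMPLE_LOG).items()):
        print(dest, sum(clients.values()), dict(clients))
```
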


2 Replies

HTTPS transactions end up in the ACCESS log along with the HTTP traffic
