Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

HTTPS Decryption — Decrypt Secured Content and Configure Exceptions

You can configure exceptions to the process for decrypting web traffic that uses secure connections under the HTTPS protocol. For this purpose, you fill web objects you want to exempt from decryption in lists for use by suitable rules.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
  2. On the policy tree in the navigation panel, expand HTTPS Scanning and select HTTPS Decryption.

    The selected rule set appears in the configuration area on the right. 

  3. Configure when this rule set should apply.

    • Under Criteria, leave the default All traffic, as you want the rules in this rule set to apply to all types of traffic.

    • Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.

      clipboard_ec8a8ad018fc5642fb8e807f7a4f6a7b8.png
  4. Click the settings icon to configure settings for this rule set in a panel that is inserted on the right. The settings that are currently in use are shown as selected on the panel. 

    When configuring these settings, you can specify how to use the SSL protocol or what to do when a handshake fails.

  5. To allow requests for accessing some websites to skip HTTPS content decryption, configure lists for the rules that are preset here for this purpose. They are shown under Preset Rules.

    Click the three dots at the end of the line for a rule and work with the options for list handling that are provided.

    HTTPS content decryption is skipped for the items that you enter in the lists. The two rules and their lists are for:

    • Domains and hosts

    • URL categories

      clipboard_e39e39a4d2d8f9b5066b8af9643dfd9bc.png

    To enable or disable the complete rule set, use the On/Off toggles at the end of the line with the rule set name.

The filtering process now follows what you have configured for the rules that exempt web objects from HTTPS content decryption. 

  • Was this article helpful?