Applies to platform: UTM 5.0.5 and later
Last Update: 16 April 2018
This article illustrate the necessary steps to configure the URL filtering for HTTPS proxy server.
- An Endian UTM Appliances equipped with at least Version 5.0.5.
- The HTTP Proxy must be enabled and configured. You can follow the Enable HTTP Proxy section of this article.
- The Endian must be the DNS Server of the clients. If not, the DNS Proxy must be enabled.
In version 5.0.5 the new URL Filtering functionality has been introduced in the HTTPS Proxy as an alternative to the only modality available. The characteristics of this approach are:
- No certificate is needed by the clients.
- No antivirus check will be carried out.
- When a page is blocked by the proxy, the browser will receive a Connection refused error message.
- HTTPS URL filtering will use Whitelists, Blacklists, and Categories defined in the Access Policy and Web filter tabs of the HTTP Proxy.
To enable the HTTPS proxy in URL Filternig mode, go to Proxy > HTTP > HTTPS Proxy.
From the HTTPS Proxy operating mode drop-down menu choose URL Filtering and click on Save. You will be prompted by a green callout that reminds you that the Endian UTM Appliance must either
- Act as the DNS server for the clients, or
- the DNS Proxy must be enabled on the Endian UTM Appliance.
If case 1. is true, all you need to do is to click on Save and wait a few seconds to be activate the HTTPS Proxy.
Otherwise, in case the Endian is not the DNS Server, go to Proxy > DNS, tick the checkboxes of the zones where the HTTPS Proxy is enabled, then click on Save and finally on Apply to enable the DNS Server.
At this point the set up of the URL Filtering is complete.
Verify the connection
To verify that the HTTPS Proxy is working, from one client try to access a site which is in the blacklist or that falls in the blocked categories of the Web Filter. You will see an error message similar to the one in the following image.