Policy: Exempt sites from SSL Inspection
Posted by Matt Parker on 11 July 2018 08:30 PM
SSL inspection is required for WinGate to access HTTPS traffic for AV scanning, caching and web access rules. Some sites will validate the entire certificate chain and break the connection when it is inspected. These sites will need to be exempted from SSL inspection via policy.
Create a policy to exempt sites from SSL Inspection
1. Create a new policy at Control Panel::Policy, for Any HTTP proxy, ConnectRequest event. Name the policy and enter a description if required.
2. Build the policy:
This policy will automatically create the boolean "Enable SSL inspection exemption policy" and the data list "No SSL Inspection sites" in Control Panel::Data::Global Data. The boolean can be used to create a button on a dashboard to quickly bypass the policy. The list of sites will need to be populated. Note that only the server part of the request will be added to the list, e.g. wingate.com, a URL will not be read. e.g. https://www.wingate.com/purchase/wingate/purchase.php.
This policy allows the SSL inspection state to be logged, this must be added manually to the WWW Proxy Usage log. For information on adding this field to the log file, see this kb article.