This article applies to the Smoothwall Filter & Firewall On-Prem solution in either Hardware or VM form.
A Primer on HTTPS Inspection
HTTPS Inspection allows the Guardian Web Filter to dynamically scan the content of HTTPS web requests and responses for material that may be unsuitable, and to block in-page content on the fly based on existing Guardian Web Filter policies. It also allows content modifications to be applied, to alter the function of specific web pages, and allows the Guardian Web Filter to see the full encrypted URLs and filter them individually.
The most common use for this is search-term filtering in search engines. Normally the search term would be encrypted in transit; with HTTPS Inspection, the Guardian Web Filter is able to decrypt the requests, analyse the search string, make filtering decisions based on preconfigured or custom search terms, and action the request according to the filtering policies set for that user.
HTTPS Inspection is important for catching inappropriate content that may be lurking on otherwise innocuous sites, and also to allow the running of some content modifications.
When an HTTPS inspection policy is in place, the Smoothwall Filter displays a warning page informing users who try to access an HTTPS website that their communication with the site is being monitored. Users must accept the monitoring by clicking Yes to continue to the site or click No to end the communication.
Understanding Policy Elements
As with the Guardian Web Filter, the HTTPS Inspection policies are based on a Who, What, Where, When, Action format:
Who: The individual user or user-group to whom the policy applies.
What: The web content category, or a group of categories, to be actioned by the policy.
Where: A network location (an IP or range of IPs) that the policy will apply to.
When: A time-slot during which the policy will be active.
Action: How the Smoothwall will action the policy.
The Action element has multiple options depending on what you want to do with the policy. Let's look at those now.
- Create Policy Folder: This allows you to organize the Guardian Web Filter Policies into folders, where all policies within the folder share one or more elements - this is most commonly used for grouping policies by User Group, but other elements can be used as needs require.
Policies can be added to Policy Folders by using the + icon on the folder in the policy table at Guardian > Web Filter > Manage Policies.
- Decrypt and Inspect: Subject the content of the categories listed in the What element to the Decrypt and Inspect process.
- Validate Certificate: Guardian will not Decrypt and Inspect the traffic, but it will perform a secondary check of the destination server's TLS certificate for validity.
- Do Not Inspect: No action is taken by Guardian other than what is defined in the Web Filter policies.
Creating a Policy
Prerequisites
You will need the decryption certificate installed on the devices' browsers as a root trusted certificate. You can export the certificate from Guardian > HTTPS inspection > Settings.
Create the policy
To create a new Guardian Web Filter Policy:
- Log in to your Smoothwall Filter & Firewall Admin UI.
- Navigate to Guardian > Web Filter > HTTPS Inspection and use the 'Create New Policy' tool at the bottom of the page.
- In the creation form, fill out the Who, What, Where, When, and Action as required.
NOTE: You may select between User Groups and Users in the Who field with the multi/single-user tool on the left of the populated field.
- Note the 'Enable Policy' check-box at the bottom of the policy form: toggle this on to make the policy live upon creation, or off if the policy is not immediately required to take effect. Click 'Confirm' to complete the policy configuration.
- Review the policy configuration and, if all is correct, click the 'Save' button. Otherwise, click 'Back' to return to the configuration page or 'Cancel' to abort the new policy.
- Navigate to Guardian > Web Filter > Manage Policies to see the new policy at the bottom of the policy table.
NOTE: Policy order is very important in the Guardian Web Filter - policies are actioned from top to bottom, and Guardian will look at each policy in turn from left to right to match the request made with a policy. The first policy that matches the request made will be actioned.
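The first-match rule in the note above can be modelled to show how a broad policy placed higher in the table hides a narrower one beneath it. This is an added example, not Smoothwall code: the Policy class, the function names, the group and category names and the addresses are all constructed for illustration, and the matching logic is a simplified assumption of how Who, What, Where and When are compared.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class Policy:  # hypothetical model of one row in the policy table
    who: set      # user groups
    what: set     # web content categories
    where: str    # network location as CIDR
    when: tuple   # (start, end) time slot
    action: str   # "Decrypt and Inspect", "Validate Certificate" or "Do Not Inspect"
    enabled: bool = True

    def matches(self, group, category, src_ip, at):
        return (self.enabled and group in self.who and category in self.what
                and ip_address(src_ip) in ip_network(self.where)
                and self.when[0] <= at <= self.when[1])

def first_match(policies, group, category, src_ip, at):
    """Walk the table top to bottom; return (row index, action) of the first match."""
    for i, p in enumerate(policies):
        if p.matches(group, category, src_ip, at):
            return i, p.action
    return None  # no policy matched; the page does not state a default

def shadowed(policies):
    """Rows that can never fire because an earlier enabled row covers every element."""
    hidden = []
    for i, p in enumerate(policies):
        for q in policies[:i]:
            if (p.enabled and q.enabled
                    and p.who <= q.who and p.what <= q.what
                    and ip_network(p.where).subnet_of(ip_network(q.where))
                    and q.when[0] <= p.when[0] and p.when[1] <= q.when[1]):
                hidden.append(i)
                break
    return hidden

ALL_DAY = (time(0, 0), time(23, 59))
# Constructed sample table: the broad exemption sits above the specific rule.
TABLE = [
    Policy({"Students", "Staff"}, {"Search Engines", "Banking"},
           "10.0.0.0/8", ALL_DAY, "Do Not Inspect"),
    Policy({"Students"}, {"Search Engines"},
           "10.20.0.0/16", (time(8, 30), time(16, 0)), "Decrypt and Inspect"),
]

if __name__ == "__main__":
    print(first_match(TABLE, "Students", "Search Engines", "10.20.1.5", time(10, 0)))
    print("shadowed rows:", shadowed(TABLE))
```

In this sample the student search request is never decrypted until the specific policy is moved above the broad one.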