PROBLEMWhen a user attempts to browse to a HTTPs site that has been blocked, instead of receiving the GFI WebMonitor blocking page/message that states 'Blocked: You have been blocked from downloading this file since it breaches a security policy...' they receive one of the following standard messages:
- The page cannot be displayed
- Certificate-Based Authentication Failed
- There is a problem with this website's security certificate
- GFI WebMonitor
- GFI Cloud Web Protection
- All supported environments
SOLUTIONThis is normal behavior when HTTPs Inspection is not enabled.
In order for the user to see the blocking page or message, you should enable HTTPs Inspection in the Stand-alone Proxy version or enable Outgoing https packet inspection in TMG.
Further information on how to enable HTTPs inspection of TMG can be found at: http://www.isaserver.org/tutorials/Forefront-TMG-Advanced-Web-Protection-Overview.html
Note: ISA Server does not support this feature.
With HTTPS Inspection disabled GFI WebMonitor is able to block HTTPs connections upon the first attempt to connect. However, once a connection to the destination web server is established any pages or files downloaded through that connection cannot be monitored, scanned or blocked.
One of the side effects of this is that when a connection to a HTTPs site is blocked the users will not be presented with the WebMonitor blocking page/message.