GFI WebMonitor supports to monitor and to block HTTPS traffic in different ways which depends on the HTTPS Inspection mode:HTTPS Inspection Enabled
- Standalone Proxy version - Enabled in the GFI WebMonitor console > Settings > Proxy Settings > HTTPS
- Microsoft ISA / TMG version - Only supported in Microsoft TMG server if outgoing https packet inspection is enabled in the Microsoft TMG configuration. Microsoft ISA server does not support this.
- GFI WebMonitor 2015 - GFI WebMonitor Management Console > Settings (gear in top right) > Core settings > HTTPs Scanning
With HTTPS inspections enabled GFI WebMonitor can monitor and block all the traffic within the encrypted stream. This includes blocking and AV scanning of all files downloading within the http stream. This is because HTTPS Inspection decrypts the data in the connection coming from the client, then processes the traffic, and encrypts the traffic going to the target webserver.
GFI WebMonitor does not show the actual data that is passed. Only the destination web server can be shown. Therefore an administrator cannot see details of the data sent such as account information, usernames, passwords, etc . This data is not recorded in the GFI WebMonitor debuglogs either.
HTTPS Inspection Disabled (Standalone version only)
With HTTPS Inspection disabled GFI WebMonitor is able to block https connections upon the first attempt to connect. However, once a connection to the destination web server is established any pages or files downloaded through that connection cannot be monitored, scanned or blocked.
One of the side effects of this is that when a connection to a https site is blocked the users will not be presented with the WebMonitor blocking page/message. Instead, they will usually see the 'Page cannot be displayed' message in their browser. Other errors they may see are 'Certificate-Based Authentication Failed', or 'There is a problem with this website's security certificate'. The reason for this is that WebMonitor cannot send the blocking page/message through the encrypted connection.
The GFI WebMonitor Agent (including the Cloud Agent) functions in this mode.