Scanning HTTPS (SSL) traffic - F-Secure Community

@import "https://static.cloud.coveo.com/searchui/v2.6063/css/CoveoFullSearch.min.css"; header {margin:52px 0 0 0} #dropdownnavi {float:left; clear:both; width:100%;} header .row {width:100%} header .row:nth-child(1) {background-color:#0014a0} header .container, footer .container {max-width:1172px; margin: auto;} .top-header {height:53px;} .bottom-header {height:52px;} .Header-logo {width: 10%;float: left;} .Header-logo img {width: 105px; margin: 11px 8px 8px 16px;} .header-top-links {float: right; margin: 1px 15px 0 0;} .header-top-link, .header-bottom-item {cursor: pointer; display: inline-block; font-size: 14px; font-weight: 400; line-height: 52px; margin: 0 15px; position: relative; text-align: center; } .header-top-link, .header-bottom-item a {text-decoration:none;} .header-top-link {color: #fff; margin: 0 10px 0 12px;} .header-top-link.active {margin-right:12px} .header-top-link.active::after {width: calc(100% + 30px)!important} .header-top-link.active::after, .header-top-link:hover::after {background: #fff;} .header-bottom-link {color: #1e1e1e;} .header-bottom-item .header-bottom-link {margin:0 15px} #opensearch-icon:before {content:"\f220";font-family:fsg-icon;font-size:26px;color:#ffffff} #closesearch-icon:before {content:"\f130";font-family:fsg-icon;font-size:26px;color:#ffffff} #opensearch-icon, #closesearch-icon {font-style: normal;} #opensearch-icon:hover, #closesearch-icon:hover {cursor:pointer} #homeLink {margin-left:1px} .kb-lang-title {width:100%;text-align:center;font-weight:600;color:black; margin:0} .header-right {float: right; margin: 10px 48px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #signin {margin-top:5px} #signin a {text-decoration: none; color:#1e1e1e; } .signin-icon {float: left; height: 20px; padding: 0 5px 20px 0;} #articleslink hr, #dashboardlink hr {margin:0} #articleslink .title {padding: 0;text-align: center; font-weight: 600;} #articleslink p, #dashboardlink p {padding:10px 0 10px 20px;} #articleslink p a, #dashboardlink p a {text-decoration: none; color:#1e1e1e;} #articleslink .draftslink:hover, #dashboardlink p:hover {padding: 10px 0 10px 20px;} .header-coveosearch {position: relative; margin-top: -53px;} .header-search {display:inline-block;padding:8px 0 0 0;} .searchboxtoggle {color:white;} .header-searchcontainer {float: right; margin:0 18px 0 0; height:52px} .search-icon {color:white;} .expand {display:inline-block;} .collapse {display:none;} .header-searchbox {height:52px;} .CoveoSearchbox {background: white!important;margin-top: 3px!important;} .CoveoSearchbox .magic-box .magic-box-input > input {font-family: 'FSSansWeb';font-size: 14px;} #kbsearch {display:block;margin: 0 0 0 auto; height:53px; box-sizing: border-box; border: 1px solid white; font-size: 14px; padding: 14px 0 10px 15px;} header-searchbox.active, #kbsearch:focus {width: 100%; transition: 1s ease-in-out;} #helpForumsLink #menu-dropdown.ontouch {display: block;left: 25px;position: absolute;top: 52px;} #FaqsLink #kb-menu-dropdown.ontouch {display: block;left:0;position: absolute;top: 52px;} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch, #FaqsLink #kb-menu-dropdown.ontouch .depth-2-list.ontouch {border: 1px solid #c4c4c4;left: calc(100% + 0px);position: absolute;top:-1px;width: 100%;display:block;background:white} #helpForumsLink #menu-dropdown.ontouch .dropdown-1-title, #helpForumsLink #menu-dropdown.ontouch .dropdown-2-title, #helpForumsLink #menu-dropdown.ontouch .dropdown-3-title,#FaqsLink #kb-menu-dropdown.ontouch .dropdown-1-title, #FaqsLink #kb-menu-dropdown.ontouch .dropdown-2-title, #FaqsLink #kb-menu-dropdown.ontouch .dropdown-3-title {display: block;text-align: left;margin-left:25px} #helpForumsLink #menu-dropdown.ontouch a.dropdown-1-title,#helpForumsLink #menu-dropdown.ontouch a.dropdown-2-title,#helpForumsLink #menu-dropdown.ontouch a.dropdown-3-title,#FaqsLink #kb-menu-dropdown.ontouch a.dropdown-1-title,#FaqsLink #kb-menu-dropdown.ontouch a.dropdown-2-title,#FaqsLink #kb-menu-dropdown.ontouch a.dropdown-3-title {font-weight:500!important;color:#8a8a8a;font-style: italic} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-2-item, #FaqsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-2-item {border-top: 1px solid #c4c4c4;} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-2-item:first-of-type {border-top:none;} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-3-list.ontouch {left: calc(100% + 0px);position: absolute;top:-1px;border: 1px solid #c4c4c4;width: 100%;display: block;border-bottom: none;background:white} #signin .header-bottom-item.header-bottom-link {display:inline-block; margin-top: -16px;} #signin a:hover {color:#0014a0} .signin-icon:before {content:"\f258";font-family:fsg-icon;font-size:22px;color:#363636;position:absolute;margin:-10px 0 0 -20px} .Footer {background:#f6f6f6;color:#555a62;font-size:16px;line-height:1.5;padding:18px 0; border-top:1px solid #c4c4c4} .Footer .footer-logo-wrap .footer-logo {height: auto; max-height: 32px; width: auto; margin-top:20px} .Footer .col {padding:0 0 0 15px;width: 23%; font-size: 13px; display: inline-block; vertical-align: top;} .Footer .footer-links-wrap {border-bottom: 1px solid #c4c4c4;max-width: 1172px; margin: auto;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-right:1px solid #c4c4c4} .Footer .col ul {list-style: none;} .Footer .col:nth-child(2) ul {padding: 0;} .Footer .col ul li a {color: #1e1e1e; text-decoration: none;} .footer-link-title {text-transform: uppercase; color: #1e1e1e;} .footer-link-subtitle {font-size:14px; color: #1e1e1e; max-width:95%} .footer-icon {float: left; height: 30px; padding: 0 10px 60px 0;} footer.Footer .row.footer-links-wrap .col.footer-links {border:none;margin-bottom:0} footer.Footer .row.footer-links-wrap .col.footer-links h3 {font-size:16px} footer.Footer .row.footer-links-wrap .col.footer-links ul {padding:0 0 15px 0;margin-left:0} footer.Footer .row.footer-links-wrap .col.footer-links .footer-link{color:black;font-size:14px} footer.Footer .row.bottom-row .col.col-copyRight * {color:black;font-weight:400} footer.Footer .row.footer-links-wrap .col.footer-links .footer-link:hover, footer.Footer .row.bottom-row .col.col-copyRight:hover {color:#0014a0;} footer.Footer .row.bottom-row {border-top:none} footer.Footer .row.bottom-row .col {width:48%} footer.Footer .row.footer-links-wrap:nth-of-type(3) {padding-top:10px} .col-copyRight a, .social-icons-wrap a {display:inline-block; padding:5px 0; text-decoration: none; color: #1e1e1e; } .social-icons-wrap {float:right} .Footer a:hover, .Footer .col ul li a:hover, footer.Footer .row.bottom-row .col.col-copyRight *:hover {color:#0014a0} footer.Footer .row.bottom-row {padding-top:5px;max-width: 1172px;margin: auto;} footer.Footer .row.bottom-row .col.col-copyRight * {font-weight:400} social-link:hover {cursor:pointer} social-link:hover svg {fill:#0014a0} .social-link.facebook:before {content:"\f226";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.youtube:before {content:"\f231";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.twitter:before {content:"\f22f";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.linkedin:before {content:"\f22a";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.facebook:hover::before,.social-link.youtube:hover::before,.social-link.twitter:hover::before, .social-link.linkedin:hover::before {color:#0f58dc} @media screen and (max-width:991px){ header {margin:0} header .row:nth-child(1) {height:64px} .Header-logo img {margin: 17px 8px 8px 16px;} .Hamburger-border {position: absolute; right: 60px; border-left: 1px solid #fff; height: 64px; width: 50px; top: 0; z-index: 20; border-right: 1px solid white; padding-right: 10px;} .Hamburger {display:block;position: absolute; top: 8px; left: calc(100% - 52px); z-index: 20;-webkit-box-align: center; -webkit-box-pack: center;-webkit-user-select: none; align-items: center; background: transparent; border: none; border-radius: 0;cursor: pointer;justify-content: center; outline: none;transition: .35s;} .Hamburger-menuXcross {height: 25px; padding: 0; width: 26px;} .Hamburger-menuLines {-o-transition: .35s;-webkit-transition: .35s; background-color: #fff; border-radius: 2px; display: inline-block; height: 2px; position: relative; transition: .35s; width: 26px;} .Hamburger-menuLines::before {top: 6px; } .Hamburger-menuLines::after {top: -6px;} .Hamburger-menuLines::after, .Hamburger-menuLines::before {-ms-transform-origin: 5.5px center;-o-transition: .35s;-webkit-transform-origin: 5.5px center;-webkit-transition: .35s;background-color: #fff;border-radius: 2px; content: ""; display: inline-block; height: 2px;left: 0;position: absolute;transform-origin: 5.5px center;transition: .35s;width: 26px;} .sr-only {position: absolute !important;width: 1px !important;height: 1px !important;padding: 0 !important;margin: -1px !important;overflow: hidden !important;clip: rect(0,0,0,0) !important;border: 0 !important;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-webkit-transform: rotate(45deg); transform: rotate(45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after {-webkit-transform: rotate(-45deg);transform: rotate(-45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after, .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-ms-transform-origin: 50% 50%;-webkit-transform-origin: 50% 50%;background-color: hsla(0,0%,100%,.6); left: 0;top: 0;transform-origin: 50% 50%;width: 26px;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines {background: transparent;} .isToggled .Hamburger-menuLines {-webkit-transform: scaleX(1);transform: scaleX(1);} #signin {text-align:center; margin: auto; color:white} #signin a {text-decoration: none; color:white;} .header-top-links, .bottom-header {display: none} .header-coveosearch {margin-top:0} .header-searchcontainer {color: white; text-align: right; margin: 8px 18px 0 0;} .header-search { padding: 5px 0 0 0; width: 60px; margin: auto; display: block; position: absolute; right: 17px; top: 8px;} .searchboxtoggle {color:white} .header-searchbox {position: absolute; right: 60px; top: 0; height:65px; width:85%;z-index:30} .CoveoSearchInterface {margin-top:-3px} .CoveoSearchbox {margin-top:0;} .CoveoSearchInterface .CoveoSearchbox {margin-right:0;height:65px;} .CoveoSearchButton.coveo-accessible-button, .CoveoSearchbox .magic-box .magic-box-input > input {height:65px} #kbsearch {height:66px} .banner-middleContainer_f1l0wf96 {box-shadow: inset 0 10px 10px -10px #000;} #homeLink, #helpForumsLink, #FaqsLink, #userguidesLink, #supportLink, .header-right {width:100%; text-align: left; margin: 0; } #userguidesLink, #supportLink {border-top: 1px solid #dfdfdf;} #helpForumsLink, #FaqsLink {margin: 0 0 10px 25px;} .top-header-link {text-transform: uppercase; font-weight:700; color:#1e1e1e; font-size:14px; padding:15px 15px; line-height: 2em;} #dropdownnavi .top-header-link {margin: 3px 0 0 10px;} .header-bottom-link::after {background:none;} .header-bottom-item .header-bottom-link {margin:0 10px} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding:0 0 0 40px} .kb-lang-title {text-align:left;} #menu-dropdown {margin-top: -20px;} #kb-menu-dropdown .depth-2-list.open {padding-left:30px} .depth-1-list a, .depth-2-list a, .depth-3-list a {color:#1e1e1e} .smdropdown-alt {line-height: 0; margin:0; padding: 0 0 10px 0;} .smdropdown-link {color:#acacac!important; font-style: italic;} .depth-1-list, .depth-2-list, .depth-3-list {display: none; margin: -20px 0 0 0; padding: 0 0 0 15px;} .header-right {float: right;padding: 8px 0; height: 30px; border-radius: 0; box-shadow: 0 3px 5px #1e1e1e; background:#0014a0; text-align: right;} .signin-icon {display: none;} #signin .header-bottom-item.header-bottom-link {margin-top: -10px;} .open {display: block;} .Footer .col {display: block; width:96%; padding: 0 20px 15px 20px} .Footer .col.col-copyRight, .Footer .col.col-social {width:90%} footer .container {width:95%} .col.footer-logo-wrap {text-align: center;} .col-copyRight a {padding: 10px 0 0 20px;} .social-icons-wrap a {padding: 10px 0 0 0;} .Footer .footer-links-wrap {padding-bottom:none; border-bottom:none;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-bottom:1px solid #c4c4c4; border-right:none} footer.Footer .row:nth-of-type(2).footer-links-wrap .col.footer-links:last-of-type {border-bottom:none} a.dropdown-1-title, a.dropdown-2-title, a.dropdown-3-title {color: #8a8a8a; font-style: italic;} .header-bottom-link:focus::after, .header-bottom-link:hover .smdropdown::after,.smdropdown::after,.depth-1-url::after,.depth-2-url::after {content:"\f1f5";font-family:fsg-icon;font-size:26px;color:#363636;position:absolute} .smdropdown.change::after,.depth-1-url.change::after,.depth-2-url.change::after {content:"\f131";} .footer-link-title {width:94%} .footer-link-title::after {content:"\f1f5";font-family:fsg-icon;font-size:26px;color:#363636;float:right!important} .footer-link-title.change::after {content:"\f131";} footer.Footer .row.footer-links-wrap .col.footer-links ul {display:none} footer.Footer .row.footer-links-wrap .col.footer-links ul.open {display:block; padding-bottom:30px} footer.Footer .row.footer-links-wrap:nth-of-type(3) {border-bottom:none} footer.Footer .row.footer-links-wrap .col.footer-links {border-bottom:1px solid #dfdfdf;} footer.Footer .row.footer-links-wrap .col.footer-links, footer.Footer .row.footer-links-wrap .col.footer-links:last-of-type {padding:10px 0 0 20px} footer.Footer .row.footer-links-wrap .col.footer-links .footerdropdown::hover {cursor:pointer!important} .row.bottom-row {display:flex;} .Footer .col.col-copyRight, .Footer .col.col-social {width:50%;padding:0} .social-icons-wrap {margin-top:-15px} } @media screen and (min-width:992px){ .Hamburger, .dropdownnavi .top-header-link, #userguidesLink, #supportLink, .smdropdown-alt {display: none;} .bottom-header {display: block;} .header-top-link::after {background: #fff;} header .row:nth-child(2) {background-color:white; box-shadow: 0 3px 5px rgba(0,0,0,0.1);} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding-left: 0; box-shadow: 0 4px 4px rgba(0,0,0,.1);} .depth-1-item, .depth-2-item, .depth-3-item {padding-left:15px; border-bottom:1px solid #dfdfdf; position: relative;} .depth-1-item a, .depth-2-item a, .depth-3-item a {color: #1e1e1e;} .header-bottom-link::after {background: #0014a0;} .header-top-link.active::after, .header-top-link:hover::after, .header-bottom-link.active::after, .header-bottom-link:hover::after {bottom: 0; content: ""; display: block; height: 5px; left: -15px; margin: auto; position: absolute; width: calc(100% + 35px);} .header-bottom-link.smdropdown:hover, .header-bottom-link.smdropdown.active {color:#0014a0} .header-searchbox {position:absolute;top:0;right:60px; margin:0; z-index: 200; } .header-searchbox.active {width:500px;transition: 1s ease-in-out;} #kbsearch {width:350px;} #menu-dropdown, #kb-menu-dropdown {position: absolute; z-index: 100; background: white; text-align: left; margin: 1px 0 0 -15px;} #menu-dropdown, #kb-menu-dropdown .depth-1-list {width:300px} #kb-menu-dropdown .depth-1-url {color:#8a8a8a} #kb-menu-dropdown .depth-2-list {width:350px!important} #profile-menu {position: absolute; z-index: 100; background: white; width: 350px; text-align: left; width:260px; margin: 0 0 0 -230px; border: 1px solid #c4c4c4; border-radius: 5px; box-shadow: 0 4px 4px rgba(0,0,0,.1);} #menu-dropdown, #menu-dropdown .depth-2-list, #menu-dropdown .depth-3-list, #kb-menu-dropdown, #kb-menu-dropdown .depth-2-list, #profile-menu {display:none;} #helpForumsLink:hover #menu-dropdown, #FaqsLink:hover #kb-menu-dropdown, #profiledropdown:hover #profile-menu {display: block;} #menu-dropdown .depth-1-item:hover .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list, #kb-menu-dropdown .depth-1-item:hover .depth-2-list { display: block; left: calc(100%); background: #fff; border: 1px solid #c4c4c4; position: absolute; top: 0; width: 100%;} #kb-menu-dropdown .depth-1-url {margin:0} #menu-dropdown .depth-1-item:nth-child(3) .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list {top:-1px} .depth-1-item:hover, .depth-2-item:hover, .depth-3-item:hover {pointer:cursor;background-color:#f8f8f8} #helpForumsLink .depth-1-item:hover .depth-1-url, .depth-2-item:hover .depth-2-url, .depth-3-item:hover .depth-3-url, #kb-menu-dropdown .depth-2-item:hover .depth-3-url {color:#0014a0} #FaqsLink .depth-1-item:hover, #FaqsLink .depth-1-item:hover .depth-1-url {cursor:default} .header-right {float: right; margin: 8px 15px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #dropdownnavi {margin: -1px 0 0 -13px;width:50%} #dropdownnavi .top-header-link, .dropdown-1-title, .dropdown-2-title, .dropdown-3-title {display:none} .header-bottom-link.smdropdown {line-height:53px} #signin {display:flex; margin: 1px -12px 0 0} #signin .header-bottom-item.header-bottom-link {margin-top:-14px; height:54px} #signin span {margin-top: 3px;} .signin-icon {padding: 4px 0 20px 0;} .header-bottom-link.smdropdown:before {content:"\f1f5";font-family:fsg-icon;font-size:26px;float: right;} #helpForumsLink:hover .header-bottom-link.smdropdown::before, #FaqsLink:hover .header-bottom-link.smdropdown::before, .header-bottom-link.smdropdown:hover::before {content:"\f131";} .depth-1-item:before, #helpForumsLink .depth-2-item:before {content:"\f1f6";font-family:fsg-icon;font-size:26px;float: right;} .depth-1-item:hover::before, #helpForumsLink .depth-2-item:hover::before {content:"\f132";} }

Scanning HTTPS (SSL) traffic

This article provides information about scanning HTTPS (SSL) traffic by using F-Secure Internet Gatekeeper for Linux.

Because HTTPS (SSL) traffic is encrypted, F-Secure Internet Gatekeeper for Linux cannot scan the contents of a file. However, by using the setup described in this article, HTTPS (SSL) transactions can be handled.

To protect internal clients

If you use this product to protect internal clients, HTTPS transfer can be handled. But, in this case, because it is transferred as encrypted data, it is not possible to scan its contents. In this case, traffic between the product and the client is SSL over HTTP-proxy using RFC-2817's CONNECT method:

Client |(SSL(HTTPS) over HTTP-proxy, Port 9080) This product | (HTTPS, Port 443) Internet | (HTTPS, Port 443) Web server

To protect a web site

If you use this product to scan connections to specific web servers, you need to scan after SSL decryption. Place the product between the web server and SSL-proxy/SSL-accelerator, and run the product as reverse proxy to scan. In this case, the connection flow is the following:

Client | (HTTPS, Port 443) Internet | (HTTPS, Port 443) SSL proxy/SSL accelerator | (HTTP, Port 80) This product | (HTTP, Port 80) Web server

For example, by putting Apache as an SSL proxy as in the following and by placing the product in the HTTP connection part, viruses can be scanned:

Client | (HTTPS) Internet | (HTTPS) Apache-SSL proxy | (HTTP) This product | (HTTP) Web server

The Apache-SSL proxy, this product, and the Web server can also be put on a different server. If you use Apache as an SSL proxy, the following configuration (as an example) can be written on the Apache configuration file:

[Example "httpd.conf" to run Apache as SSL proxy] (This is the case if the product and Apache-SSL are installed on the same server.) =================================================================== # https access Listen 443 AddDefaultCharset Off ProxyPass / http://127.0.0.1:9080/ ProxyPassReverse / http://127.0.0.1:9080/ SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown ===================================================================

If the product and the web server are installed on the same server, you need to set the product in the Web UI as follows:

[Proxy settings]=[HTTP]=[Parent server]: Enabled Hostname: Web server's address (Ex: 127.0.0.1) Port: Web server's port(Ex: 80)