HTTPS sites are not recategorized when the hostname is entered
- Article Number: 000003006
- Products: Forcepoint URL Filtering, TRITON AP-WEB, Web Filter & Security, Web Security and Web Filter
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7
- Last Published Date: September 09, 2020
Notes & Warnings
This issue applies only to web security installations that do not use SSL decryption, such as:
HTTPS sites are not recategorized when the hostname is entered.
If your installation is not using SSL decryption, or if the site SNI is not found in the Client Hello in an 8.3 and higher Network Agent standalone deployment, you must provide the IP address to recategorize an HTTPS site as it will not have visibility for the hostname for recategorization.
Find the site IP addressIf you need to find the site IP address, use the ping utility. To ping a site:
Recategorize an HTTPS siteTo recategorize the HTTPS site:
Recategorize an IP RangeUsing Filter Components for a Custom Category in Forcepoint Security Manager will not allow IP ranges or CIDR notation. The only way to recategorize a range is to use Regular Expressions. For information, please see: Using Regular Expressions.
Whenever possible, avoid using Regular Expressions, as their complexity increases load on the Filtering Service.
Using regular expressions as filtering criteria typically increases CPU usage. Tests have shown that with 100 regular expressions, the average CPU usage on the Filtering Service machine increased dramatically. In addition, improper regular expressions can have a greater impact.
Forcepoint Technical Support policies prevent technicians from assisting customers in the creation of regular expressions. It is a legal liability to provide customers with regular expressions if they do not work as intended or causes harm to the system. Therefore, regular expressions is a feature that is provided "as is" with no direct support that is intended to enhance the filtering capabilities and is the responsibility of the customers to learn and implement regular expressions and to thoroughly test the regular expression to avoid causing undue harm to the environment as to not overblock or underblock or cause the Filtering Service to max out the CPU utilization. The information contained here are for informational purposes only, and can cause filtering issues if used inappropriately such as not knowing *exactly* what you're doing.
Adding Regex Expressions to a proxy can incur a dramatic impact on performance. A handful or few dozen Regex Expressions can cause the proxy to fail due to excessive load. As customer's networks are not generally the same, no rule of thumb is available for using Regex expressions. Every network should be analyzed individually to ensure an overload condition does not occur.
Keywords: network agent; ssl decryption; custom category; filtering; policy