Creating an SSL rule

3 July 2024

ID 186343

To create an SSL rule:

  1. In the application web interface, select the Settings → Built-in proxy server → SSL Rules section.
  2. Click Add rule.

    The Add rule window opens.

  3. In the Action drop-down list, select the action that the application will take on the SSL connection:
    • Tunnel.

      The application will not intercept CONNECT requests that satisfy the defined conditions. These requests will not be taken into account in the statistics on processed traffic in the Dashboard section.

      The application may also fail to apply protection rules and the following filtering criteria in access rules: MIME type of HTTP message, MIME type of HTTP message part, File size, HTTP Method.

    • Tunnel with SNI check.

      The application will not intercept CONNECT requests that meet the defined conditions and for which an SNI check was performed. These requests will not be taken into account in the statistics on processed traffic in the Dashboard section.

      The application may also fail to apply protection rules and the following filtering criteria in access rules: MIME type of HTTP message, MIME type of HTTP message part, File size, HTTP Method.

    • Bump.

      The application will intercept CONNECT requests that satisfy the defined conditions, and analyze the contents of encrypted connections.

    • Terminate.

      The application will block CONNECT requests that satisfy the defined conditions.

    For services that do not support interception of CONNECT requests, it is recommended to select the Tunnel action. When the Bump or Tunnel with SNI check action is applied, an SSL connection may be blocked due to an intercept error.

    The Tunnel action is selected by default.

  4. In the Source settings group, click Add.
  5. In the drop-down list that appears, select the filtering criterion for the connection source:
    • IP address.
    • User agent.
  6. In the Destination settings group, click Add.
  7. In the drop-down list that appears, select the filtering criterion for the connection destination:
    • IP address.
    • Hostname.
  8. In the Ports field, enter one or multiple destination ports.

    The rule will be applied only to connections that use the defined ports.

  9. In the Name box, type the name of the rule.
  10. If necessary, provide any additional information about the rule in the Comment field.
  11. Enable or disable use of the rule by using the Status toggle switch.
  12. Click Add.

The SSL rule will be created and displayed in the table on the SSL Rules tab.
