Filtering HTTPS and FTP
As mentioned in the previous section, HTTPS and FTP filtering can be configured on the
Security Appliance using Websense servers. These new features provide a convenient
mechanism for enforcing access policy in your environment. Just as it does with HTTP
filtering, the Security Appliance sends FTP requests to both the destination and the Websense
server when a user makes an FTP request. If the Websense server denies the connection, the
Security Appliance alters the FTP return code to show that the connection was denied. If the
Websense server permits the connection, the Security Appliance allows the successful FTP
return code to reach the user unchanged.
HTTPS filtering, on the other hand, works by preventing the completion of SSL connection
negotiation if the site is not allowed. The browser displays an error message such as “The
Page or the content cannot be displayed.” The command syntax to enable FTP and HTTPS
filtering is as follows:
filter ftp dest-port localIP local-mask foreign-IP foreign-mask [allow] [interact-block]
filter https dest-port localIP local-mask foreign-IP foreign-mask [allow]
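The following configuration is an added example, not taken from the original text, showing both commands with the optional keywords set for fail-closed and fail-open behavior. The interface name, server address, and subnet are constructed placeholders, and the url-server line assumes the Websense server has not already been defined.

```cisco
! Constructed example: interface name and addresses are placeholders.
! Websense server that the Security Appliance queries for each request.
url-server (inside) vendor websense host 10.0.1.50
!
! Filter FTP on port 21 from any local host to any foreign host.
! "allow" is omitted: if the Websense server is unreachable, FTP
! requests are blocked rather than passed unfiltered (fail closed).
! "interact-block" rejects interactive FTP sessions in which the
! client does not supply the full directory path.
filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 interact-block
!
! Filter HTTPS on port 443 for one local subnet only.
! "allow" is set: while the Websense server is unreachable, HTTPS
! connections from this subnet pass without filtering (fail open).
filter https 443 192.168.10.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
```

Whether to include allow is a policy decision: with it, an outage of the Websense server silently disables filtering; without it, the same outage stops the filtered traffic.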