URL Criteria for SSL Decryption Rules

The URL criteria of an SSL decryption rule define the category to which the URL in a web request belongs. You can also specify the relative reputation of sites to decrypt, block, or allow without decryption. The default is to not match connections based on URL categories.

For example, you could block all encrypted Gaming sites, or decrypt all high risk Social Networking sites. If a user attempts to browse to any URL with that category and reputation combination, the session is blocked or decrypted.

To add URL criteria to an SSL decryption rule:

Procedure


Step 1

Click the URL tab to add a URL category to an SSL Decryption rule.

Step 2

Search for and select the URL categories you want to block.

Step 3

By default, the SSL decryption rule decrypts traffic from URLs in the categories you pick, regardless of their security reputation. However, you can fine-tune a single URL category, or all the URL categories in your rule, to exclude some sites from decryption based on reputation.

  • To fine-tune the reputation of a single URL category:

    1. Click the URL category after you selected it.

    2. Uncheck Any Reputation.

    3. Slide the green slider to the right to choose the URL reputation settings you want to exclude from the rule and click Save.

      The reputations that the slider covers are excluded from the effect of the rule. For example, if you slide the green slider to Benign Sites, Well Known Sites and Benign Sites are excluded from the effects of the SSL Decryption rule for the category you chose. URLs deemed to be Sites with Security Risks, Suspicious Sites, and High Risk Sites will still be affected by the rule for that URL category.

  • To fine-tune the reputation of all the URL categories you added to the rule:

    1. After you have selected all the categories you want to include in the SSL Decryption rule, click Apply Reputation to Selected Categories.

    2. Uncheck Any Reputation.

    3. Slide the green slider to the right to choose the URL reputation settings you want to exclude from the rule and click Save.

      The reputations that the slider covers are excluded from the effect of the rule. For example, if you slide the green slider to Benign Sites, Well Known Sites and Benign Sites are excluded from the effects of the SSL Decryption rule for all the categories you chose. URLs deemed to be Sites with Security Risks, Suspicious Sites, and High Risk Sites will still be affected by the rule for all the URL categories.

Step 4

Click Select.

Step 5

Click Save.
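
The slider semantics from Step 3, modeled as an added example (not vendor code and not part of the original page), so you can check which category and reputation combinations a rule still acts on before saving it. The class and function names are hypothetical, the reputation order is assumed from the order in which this page names the levels, and "News" is a constructed category that is not selected in the rule.

```python
from dataclasses import dataclass, field

# Reputation levels in the order this page names them (assumed slider order).
REPUTATIONS = ["Well Known Sites", "Benign Sites", "Sites with Security Risks",
               "Suspicious Sites", "High Risk Sites"]
ANY_REPUTATION = None  # "Any Reputation" left checked: nothing is excluded


@dataclass
class UrlCriteria:
    """Hypothetical model of a rule's URL tab: category -> slider position."""
    categories: dict = field(default_factory=dict)

    def add(self, category, slider=ANY_REPUTATION):
        if slider is not ANY_REPUTATION and slider not in REPUTATIONS:
            raise ValueError(f"unknown reputation: {slider!r}")
        self.categories[category] = slider

    def apply_reputation_to_selected(self, slider):
        # Mirrors "Apply Reputation to Selected Categories".
        for category in list(self.categories):
            self.add(category, slider)

    def still_affected(self, category):
        """Reputations the rule still acts on for this category."""
        slider = self.categories[category]
        if slider is ANY_REPUTATION:
            return list(REPUTATIONS)
        return REPUTATIONS[REPUTATIONS.index(slider) + 1:]

    def matches(self, category, reputation):
        if not self.categories:
            return True  # assumption: no URL criteria, so URL is not a constraint
        if category not in self.categories:
            return False
        return reputation in self.still_affected(category)


def demo():
    rule = UrlCriteria()
    rule.add("Gaming")                             # Any Reputation
    rule.add("Social Networking", "Benign Sites")  # slider at Benign Sites
    # Constructed sample connections; "News" is a made-up unselected category.
    samples = [("Gaming", "Well Known Sites"), ("Social Networking", "Benign Sites"),
               ("Social Networking", "High Risk Sites"), ("News", "High Risk Sites")]
    return [rule.matches(c, r) for c, r in samples]
```

With the slider at Benign Sites, a Social Networking URL rated Benign Sites falls outside the rule while one rated High Risk Sites is still matched.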