"User Agent" filtering and https

Post by SECOIT GmbH » 09 Mar 2020, 10:02

Hi All,

I haven't tried yet but somebody might already have:

I'm looking into user agent filtering, which was introduced in cOS Core 13.00.01.
Since basically all web traffic is now https (for example, for a bigger customer the last 7 days are 91.41% https according to their log server, which I just checked), I was wondering if it will work with https.

According to the manual:
- Functions that Only the LW-HTTP ALG Can Perform: ... User Agent Filter Support ...
- Functions the LW-HTTP ALG Cannot Perform: ... The LW-HTTP ALG does not support HTTPS traffic ...

So does that mean that user agent filtering will not work on https?

Using packet capture and Wireshark I don't see the user agent in the clear text part of the https negotiation (like SNI) so I guess the encrypted traffic would need to be broken up to be able to see the user agent.

So if that's not working with https, what options do we have? 3rd party product?

(And only if I'm understanding the manual correctly and user agent filtering will not work with https, please allow me the question why a new feature was introduced recently which basically has no "real life" meaning where basically all relevant web traffic is https?)

Best Regards
