Web Protection

The HTTP(s) Interception module allows the iShield to monitor and analyse web traffic in order to enforce security policies and protect users from malicious or unauthorised content.

This includes both unencrypted HTTP traffic and encrypted HTTPS traffic.

How HTTP(s) Interception Works

• HTTP Interception
  Inspects unencrypted HTTP traffic and allows requests to be filtered or blocked based on configured policies.

• HTTPS Interception
  Encrypted HTTPS traffic is analysed using peek interception by default.
  This method inspects metadata and early-stage connection information—such as the destination domain obtained via Server Name Indication (SNI)—without decrypting the full payload.

• SSL/TLS Certificates
  SSL/TLS certificates are used to establish trusted encrypted communication when interception mechanisms are in use.

Important: HTTP and HTTPS interception affects multiple protocols, including (but not limited to), SMTP / SMTPS, POP / POPS, FTP / FTPS.

Disabling HTTP(s) Interception

In some cases, it may be necessary to temporarily disable HTTP and HTTPS interception to troubleshoot connectivity-related issues.

Steps to Disable Interception

• Uncheck Enable HTTP Interception

• Uncheck Enable HTTP(s) Interception

• Click Save Changes

• Navigate to Reload Unit

• Click Soft Reload to apply the changes

Warning: When HTTP and HTTPS interception is disabled:

• Traffic bypasses all content filtering and policy enforcement

• Traffic is not recorded in reports

• Visibility and control is significantly reduced

Interception should only be disabled temporarily for troubleshooting purposes.

The Domain Categories / Blacklists page allows administrators to identify how a domain is classified across iShield’s predefined domain categories and blacklists.

Entering a domain name (for example, facebook.com) will return:

• All categories the domain belongs to

• Any associated blacklists

This is useful when:

• A domain appears to be incorrectly classified

• A domain belongs to multiple categories

• Policy behaviour does not match expectations

Domain Classification Behaviour

A domain may belong to more than one category.

For example:

• facebook.com may be listed under both social-media and forums.

If:

• Forums is allowed

• Social Media is blocked

Then access to facebook.com will still be blocked.

In such scenarios, administrators may need to create custom URL groups to explicitly allow specific domains while continuing to block the broader category.

Creating a Blacklist Override

From the menu, select Web Protection

• • Navigate to the Categories / Blacklist Overrides tab.

  • Click Add New Blacklist Override.

  • Select the Blacklist Type

    • System Domain Category / Blacklist

      • Select System domain category / blacklist

      • Choose a blacklist from the drop-down list (e.g. social-media)

      • Click Add Overrides

Or:

• • • Custom Domain Category / Blacklist

      • Select Custom domain category / blacklist

      • Enter a name for the Custom List

      • Click Add Overrides

  • Include or Exclude Domains

    • Click Include Domain or Exclude Domain

    • Enter the domain name (e.g. facebook.com)

    • Click Add Domain Override

    • Click Save Changes

Custom blacklists will be available under Blacklists when creating Web Rules within policies.

Safe Browsing is a security feature that performs real-time checks against known phishing and malware domains.

How Safe Browsing Works

• Real-Time Threat Intelligence
  iShield continuously checks requested URLs against known malicious and poor-reputation sources.

• Phishing Protection
  Access to sites attempting to collect sensitive information such as credentials or personal data is blocked automatically.

Safe Browsing operates alongside other iShield security features and provides an additional layer of protection.

Enabling or Disabling Safe Browsing

• Select Enable Safe Browsing or Disable Safe Browsing

• Click Save Changes

• Navigate to Reload Unit

• Click Soft Reload to apply the changes