Tag Archives: WCCP

When Good HTTPS Goes Bad

In this great age of computer security, few can argue that protecting your users from harmful content on the web is a must. Since nearly the beginning of the Internet, system administrators have been using web proxies to help conserve bandwidth, and control browsing habits of users. Today most security administrators have deployed a secure web proxy of some kind or another. These units, regardless of vendor, offer many advantages over a simple proxy. Advantages like granular access policies and HTTPS interception/inspection. No matter which vendor you choose to partner with for your web content filter or WCF if you prefer, intercepting and decrypting SSL is not perfect; at least for the foreseeable future. This is because HTTPS really isn’t designed to be intercepted, and therefore interception is in a sense; a man in the middle attack being carried out by the WCF. For this reason when you deploy your WCF in your network, be that explicit proxy or transparent (WCCP) proxy, some piece of software will break. When this happens you can use the troubleshooting steps below to see what has gone wrong. This is by no means an exhaustive list of troubleshooting steps, but it is a start. Continue reading