Allow Some HTTPS Traffic to Bypass Scanning
Work with a rule set that allows web requests sent to the some domains, hosts, WebEx servers, or Citrix servers to bypass HTTPS scanning and go directly to the Internet.
When these rules are applied to a web request and the request is allowed, all further rule processing stops.
NOTE: From this rule set, you can open and configure the HTTPS Connection and Certificate Verification Options features.
- In Skyhigh CASB, select Policy > Web Policy > Policy.
- In the policy tree, select HTTPS Scanning > HTTPS Connection Options.
- Optionally configure criteria to limit the scope of this rule set.
- Select the HTTPS connection rules that you want enabled. When selected, the rules:
- Do not HTTPS Scan these domains or hosts — Allows web requests sent to the domains or hosts in this list to bypass filtering.
- Do not HTTPS Scan WebEx Servers — Allows web requests sent to the WebEx server IP ranges in this list to bypass filtering.
- Do not HTTPS Scan Citrix Servers — Allows web requests sent to the Citrix server IP ranges in this list to bypass filtering.
NOTE: Traffic sent to WebEx and Citrix servers is preconfigured to bypass HTTPS scanning, because it can't be scanned as web traffic. These settings can't be changed.
- Configure the lists associated with the rules as needed.
Changes to the policy tree, rule sets, or rules are automatically saved. You can publish them to the cloud now or keep working and publish later.