By now, you understand what SSL is, how it works, and various methods for filtering SSL traffic. Let’s examine how Lightspeed Systems Web Filter filters SSL.
To understand that, you need to understand a few key terms.
- Inline
- Proxy
- PAC File
- Root Certificates
- Web Cache Communication Protocol (WCCP)
- LS Web Filter Modes
What Does Inline Mean?
It’s pretty simple: You can have a device “inline” or “out of line.”
If the device is inline, the data flows through it when going from a client to a Web server. You can compare it to driving a car on the freeway from point A to point B — that freeway is inline.
In contrast, a device that is out of line is like a car on the freeway taking a pit stop for gas, then getting back onto the freeway to continue the journey.
What Is a PAC File?
PAC, or Proxy Auto Configuration, is a file that contains all the settings for what traffic goes to the proxy and what traffic doesn’t. For instance, you can specify in your PAC file that www.mybank.com should not go through the proxy, but all Google traffic should. These files must be created by the network administrator. (Lightspeed does not create your PAC file because these settings vary so much based on schools’ needs and preferences.) The PAC file is then downloaded to the client device/computer.
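A PAC file for the example above, added here as an illustration and not Lightspeed's code: www.mybank.com goes direct, while Google and everything else goes to the proxy. The proxy address `filter.school.example:8080` and the helper names `hostInDomain` and `inAny` are assumptions.

```javascript
// Added example PAC file. The proxy host and port are placeholders;
// replace them with the address of your own filter.
var PROXY = "PROXY filter.school.example:8080";
var DIRECT = "DIRECT";

// Domains that must not be sent to the proxy (the page's banking example).
var BYPASS_DOMAINS = ["mybank.com"];

// True only when host is the domain itself or a subdomain of it.
// Matching on the dot boundary keeps a look-alike such as
// "notmybank.com" from inheriting the bypass, which a bare
// suffix comparison would allow.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

// True when host falls under any domain in the list.
function inAny(host, domains) {
  for (var i = 0; i < domains.length; i++) {
    if (hostInDomain(host, domains[i])) return true;
  }
  return false;
}

// Entry point the browser calls for each request.
function FindProxyForURL(url, host) {
  if (inAny(host, BYPASS_DOMAINS)) return DIRECT;
  // Default: Google and all other traffic goes to the filter.
  // No "; DIRECT" fallback is listed, so an unreachable proxy
  // does not silently turn into unfiltered access.
  return PROXY;
}
```

The default branch is a design choice in this example: anything not explicitly bypassed is filtered.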
What Is a Root Certificate?
We’ve talked about SSL certificates, certificate authorities, and the idea of trust. A root certificate is basically a bank of trustworthy certificate authorities. Web browsers come installed with most major companies’ root certificates. However, because the Lightspeed Systems Rocket creates its own certificate, you need to add a root certificate to the client devices/computers so they trust Lightspeed.
What Is WCCP?
Web Cache Communication Protocol (WCCP) is a protocol that handles the decision to send traffic to the Web filter in proxy mode, which basically removes the need to install the PAC file. (This is handy for BYOD programs.)
These are the most important concepts. Now, let’s look at the Lightspeed Systems Web Filter.
The Lightspeed Systems Web Filter can be configured to operate in three modes:
- Transparent bridge
- Proxy
- Firewall URL filtering
A transparent bridge configuration means that the Rocket is placed in line and acts like a bridge for the traffic to cross.
Proxy mode means that the Rocket is placed out of line and is acting as a proxy server. If you want to be able to decrypt SSL traffic, you need to be in proxy mode.
School networks are all unique, and as such, Lightspeed has created a highly flexible Web filter that allows for the combination of many different settings and setups. For further help, please take a look at our community site. As always, feel free to contact us directly for support.
Firewall URL filtering is an out-of-line solution for larger networks in which the Web filter’s primary role is that of a policy server.
In addition to these three modes, there are a few settings within the Rocket that affect how it handles SSL traffic.
Decode SSL
If you check this box, you can read the SSL certificate and see the domain that the client is trying to access.
Decrypt SSL
This allows you to decrypt the SSL session and see the full URL. (You have to be in proxy mode in order to use this option.)
How Reports Are Affected by Each Option
This table helps you to see how each setting and mode works with SSL traffic.
Search query via YouTube: “newtons laws”
URL: https://www.youtube.com/results?search_query=newtons+laws
