Decode SSL Certificates

Though you need to proxy for full URL details, there are certain settings within the Web Filter that can help you obtain more accurate reports and keep students safe without the need of a proxy. When an encrypted request is made (a user tries to navigate to a secured site), by default your Web Filter report on that traffic by IP address rather than URL. You can obtain and report the URL of the IP address by enabling the Decode SSL Certificates setting. As a result, the Web Filter will examine the SSL certificate to determine the domain of the certificate owner, then decide to allow or block based on that domain.

For youtube.com the report would show the url as google.com, as seen in their ssl certificate

For youtube.com the report would show the url as google.com, as seen in their SSL certificate

You can enable the Decode SSL Certificates option by navigating to Web Filter > General > Traffic Handling and checking the box next to Decode SSL Certificates.

 

If you want to be able to distinguish between Google’s domains (YouTube, Google, Classroom, Docs, etc.) then the Decode SSL Certificates setting will not be enough – for that you will need to setup your Web Filter as a proxy server. Google uses a single certificate for all of its domains, and setting up your Web Filter as a proxy server is the only way to determine which domains your users are accessing.

Example:

Rocket Configuration Full URL visited by user Reported URL
Decode SSL Certificate Off https://www.youtube.com/watch?v=DOOxoAIEECk 216.239.38.120
Decode SSL Certificate On https://www.youtube.com/watch?v=DOOxoAIEECk google.com
Proxy https://www.youtube.com/watch?v=DOOxoAIEECk https://www.youtube.com/watch?v=DOOxoAIEECk