Name

HTTP-826 — SNI was inspected, now HTTPS will be inspected

Severity

N (notify)

Message text

Inspecting HTTPS after SNI was inspected

Description

HTTPS is going to be inspected after Server Name Identification was inspected. Http-proxy during the SNI inspection behaves similarly as when simulating connect because it creates TCP tunnel to the server.

However, when inspecting HTTPS after SNI, the TCP tunnel is not created because the SSL/TLS layer is stripped away to inspect the contained HTTP.

See also

HTTP-821(6), logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.