Configuring exclusions in traffic processing rules
Prior to creating exclusions for CONNECT requests, make sure that you have enabled decryption of TLS/SSL connections. Otherwise, encrypted connections will not be scanned by the Anti-Virus and Anti-Phishing modules. This could lead to infection of users' computers.
To configure exclusions for CONNECT requests in traffic processing rules:
In the application web interface, select the Rules section.
Select the Access tab.
Select the rule for which you need to correctly display the block page or redirect the user.
The View rule page opens.
Click Edit.
The Edit rule page opens.
Select the Exclusions tab.
Click + Add exclusion.
If you want to add an exclusion only for users that satisfy the defined criteria, in the Initiator settings group click + Rule criteria and specify the necessary criteria.
If criteria are not defined, the exclusion is applied to all users.
In the Traffic filter settings group, click + Rule criteria.
In the drop-down list that appears on the left, select HTTP Method.
In the drop-down list on the right, select CONNECT.
Click Save.
The exclusion is now configured. The application will not scan HTTP messages that contain the CONNECT method.