Filtering Content by App Rules using DPI-SSL

Make sure that Enable SSL Inspection and Application Firewall options are enabled on General tab of POLICY | DPI-SSL > Client SSL. For more information, refer to Configuring General DPI-SSL/TLS Client Settings.

To filter HTTPS and SSL-based traffic by app rules using DPI-SSL

1. Navigate to POLICY | Rules and Policies > App Rules .
2. Click the Global Settings icon and select Enable App Rules.

3. Configure an HTTP Client policy to block Microsoft Internet Explorer browser with block page as an action for the policy.

   Here is an example to configure a match object and set the action for the app rule policy. But you can configure and set the action in other ways to allow or block the content.

   1. Create a match object with Web Browser as Match Object Type on OBJECT | Match Objects > Match Objects page and add MSIE Browser to the match object.
   2. Add an app rule with HTTP Client as Policy Type on POLICY | Rule and Policies > App Rules page. Set match object created in previous step in Match Object Included and/or Match Object Excluded options.
4. Access any website using the HTTPS protocol with Internet Explorer to verify it is blocked.

 

Enabling App Control Service on a Zone