Configuring WebFilter by Category (HTTPS) in SECUI
The WebFilter feature in SECUI applies not only to HTTP traffic but also allows filtering of HTTPS traffic by category. This is important because most websites today use HTTPS encryption, and without additional configuration, filtering may not be effective.
By enabling HTTPS WebFilter and the SNI Check feature, you can block encrypted websites based on categories such as gambling, adult content, or social media.
Figure 0.1 HTTPS WebFilter Topology in a SECUI Network
1. Login to SECUI
The first step is to log into the SECUI system using an administrator account.
Figure 1.1 SECUI Login Screen
2. Configure HTTPS WebFilter
• Access the WebFilter Menu
Navigate to:Object / Security Profile > WebFilter > WebFilter Profile
Figure 2.1 WebFilter Profile Menu
• Add a New WebFilter Profile
Create a new profile and name it as needed.
Figure 2.2 Creating a WebFilter Profile
• Enable Categorized URL Check
Enable the Categorized URL Check option to filter sites based on their category.
Figure 2.3 Enable Categorized URL Check
• Select Categories to Filter
Define how the WebFilter should handle each category:
| Mode | Function |
|---|---|
| ❌ Disable | Not used |
| ✅ Allow | Allowed (not blocked) |
| 👀 Detect | Detected only, not blocked |
| ⛔ Block | Blocked if the website falls under this category |
Figure 2.4 HTTPS Website Category Settings
3. Enable SNI Check for HTTPS
To filter HTTPS websites, enable the SNI Check for HTTPS feature. This allows SECUI to identify the domain name (SNI) before the session is encrypted.
Figure 3.1 Enabling SNI Check for HTTPS
4. Attach WebFilter to Firewall Policy
To activate the WebFilter, apply the created profile to your firewall policy.
• Access the Firewall Policy Menu
Navigate to:Security Policy > Firewall Policy Settings
Figure 4.1 Firewall Policy Settings Menu
• Add WebFilter Profile
Choose the appropriate rule, then attach the HTTPS WebFilter profile.
Figure 4.2 Applying WebFilter HTTPS to Firewall Policy
5. Testing and Validation
After configuration is complete, test to ensure that HTTPS WebFilter is working properly:
- Try accessing an HTTPS site that falls under a blocked category.
- Ensure the access is denied or blocked by the system.
- Check the logs to confirm the activity is recorded by the WebFilter.
• Access a Blocked HTTPS Site
Figure 5.1 Testing Access to a Blocked HTTPS Site
• Check WebFilter Logs
Open Log/Report > Log > Webfilter Log to see whether the system has logged the blocked attempt.
Figure 5.2 HTTPS WebFilter Log Showing Detection and Blocking
Conclusion
The HTTPS WebFilter in SECUI provides additional protection to control access to encrypted websites. By enabling the SNI Check feature, you can maintain security policies even when websites use HTTPS encryption.
Regularly review the category settings and logs to ensure optimal performance and policy alignment with your organization’s needs.
If you need assistance or further consultation, feel free to contact us!
Last Updated
May 16, 2025
Category
URL Filtering, Network Security
Share This
On This Page
Contact us for
Free Consultation!
Share your challenges, and we'll provide the best solutions for your business, Connecting with us is as simple as clicking a button, and let us come to you.
