# Cyberoam not blocking https websites



## ogame1981

i created a blockyoutube policy , when someone types youtube.com, system tells him he cannot access the website. 

But when a client types https:// he gains normal access .


Any ideas why?


----------



## TheCyberMan

I would create another policy to block https access to youtube also.


----------



## ogame1981

TheCyberMan said:


> I would create another policy to block https access to youtube also.




already did that, it blocks normal youtube but once https is inserted , youtube is then accessed normally.

Is this a vulnerability with cyber oam ?


----------



## epshatto

I'm not familiar with Cyberoam specifically, but there does seem to be a KB article on this issue here:

Cyberoam Knowledge Base

In a nutshell the idea is that an HTTPS connection is encrypted. Therefore, the web fiiltering service cannot inspect the traffic to apply a rule. This allows a user to access what should be a blocked site if they use SSL.

The article seems to suggest there should be an option to enable SSL certificate inspection. I would look in that direction to start with.


----------



## ogame1981

Understood thanks alot mate


----------



## TheCyberMan

No it is not particular to cyberoam any gateway with filter policies can be affected if the user uses a proxy or vpn service over the internet and the way to block that is using SSL inspection on certificates.

Your gateway simply allows passthrough to connect to these services and does not neccessarily perform any inspection unless it is configured to do so.

Hope esphatto's link helps it should.


----------



## ogame1981

will be checking the link once am at work on friday.
Thaks alot for the info and will keep you updated


----------

