HTTPS redirects to HTTP for monitoring

William Herrin bill at
Sun Jan 18 17:35:02 UTC 2015

On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123 at> wrote:
> I wanted to see what opinions and thoughts were out there.  What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things?  personal use?
> enterprise enterprise?

Hi Grant,

Fidelis Security (part of GD) does this for USG customers. Good guys
with a strong, scalable product.

Basically, all internal web browsers get a custom CA which
authenticates a re-signing cert. HTTPS traffic is decrypted by an IDS
agent, examined and then re-encrypted with the resigning cert.

You have to decide for yourself whether you really want to examine
your users' HTTPS traffic. It does create a rather hostile work
environment for the folks you're playing big brother to. Not quite
camera-in-the-men's-room hostile but hostile enough to deter quality
staff from seeking and maintaining employment.

Bill Herrin

William Herrin ................ herrin at  bill at
Owner, Dirtside Systems ......... Web: <>
May I solve your unusual networking challenges?
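
Added example, not part of the original message and not taken from the Fidelis product: a lab sketch of the trust chain described above (custom CA -> re-signing cert -> per-site certificate), showing that the re-signed certificate is accepted only by a client that has the custom CA installed and that the substitution is visible in the issuer field. It assumes the openssl command-line tool; every name in it is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added lab example. Every name (Example Corp Root CA, www.example.test, ...) is a constructed placeholder.

# Build the three-tier chain in directory $1: custom root -> re-signing cert -> site leaf.
build_chain() {
  local d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Corp Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
  # 1. Custom root CA: the certificate installed in internal browsers.
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # 2. Re-signing cert held by the inspection device, authenticated by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=Example Inspection Resigner" \
    -keyout "$d/resign.key" -out "$d/resign.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/resign.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/resign.pem" 2>/dev/null || return 1
  # 3. Leaf issued for the visited site, signed by the re-signing cert.
  printf 'subjectAltName = DNS:www.example.test\n' > "$d/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/resign.pem" -CAkey "$d/resign.key" -CAcreateserial \
    -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null || return 1
}

# True if the leaf in $1 verifies; extra arguments (e.g. -CAfile root.pem) select the trust store.
leaf_trusted() {
  local d=$1; shift
  openssl verify "$@" -untrusted "$d/resign.pem" "$d/leaf.pem" 2>/dev/null | grep -q ': OK'
}

# Issuer a client sees on the site certificate; on an inspected network it names the re-signer.
leaf_issuer() { openssl x509 -in "$1/leaf.pem" -noout -issuer; }

d=$(mktemp -d) && build_chain "$d" || exit 1
leaf_issuer "$d"
leaf_trusted "$d" -CAfile "$d/root.pem" && echo "client with the custom CA: certificate accepted"
leaf_trusted "$d" || echo "client with a stock trust store: certificate rejected"
```
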

More information about the NANOG mailing list