In this tutorial, we’ll see how to set up https url filtering (SSL) without needing to decrypt and therefore deploy the stormshield certificate.
This solution does not display a blocking page, users will have a blank page.
Implementing https URL filtering
1. Log in to your Stormshield.
![Stormshield : filtrage url https](https://rdr-it.io/wp-content/uploads/images/01-login-511x400.png)
2. In the menu on the left, go to SECURITY POLICY 1 then SSL filtering 2 and click on Add rules by category 3.
![Politique SSL](https://rdr-it.io/wp-content/uploads/images/02-gotosllmenu-600x326.png)
3. All categories 1 on your Stormshield should be added to the filter policy.
![Liste des catégories](https://rdr-it.io/wp-content/uploads/images/03-categories-ajoutees-600x327.png)
4. You must now for each category 1, modify the action. To block, you must put the Block without decryting action and pass Pass without decryting.
![Choix de l'action par catégorie](https://rdr-it.io/wp-content/uploads/images/04-regles-categories-600x95.png)
5. Check that the last line is the category any 1. Depending on the desired policy, modify the action. Then click Apply 2 to save.
![Parametrage du any](https://rdr-it.io/wp-content/uploads/images/05-regle-cat-down-600x42.png)
The filtering rules are read from top to bottom, if the category any is not the last, what is below is ignored.
6. Go to Filtering – NAT 1, add a new SSL inspection rule 2.
![Ajout d'une règle](https://rdr-it.io/wp-content/uploads/images/06-goto-rule-addmenu-600x327.png)
7. Configure source and destination 1, select the SSL profile you just made 2, and click Finish 3 to add the rules.
![Configuration de la regle](https://rdr-it.io/wp-content/uploads/images/07-config-rule-ssl-568x400.png)
8. Two rules are created, you can see at the level of the first application filtering. Click Save and apply 1 to apply the changes.
![Visualisation des regles](https://rdr-it.io/wp-content/uploads/images/08-regle-ssl-600x354.png)
Apply an antivirus scan is not useful, to perform the analysis must decrypt the SSL.