Use URL Filtering to filter the https://www.facebook.com is fail

Publication Date:  2013-07-26 Views:  3813 Downloads:  0
Issue Description
Eudemon 200E-X7
Version: V300R001C00SPC600

customer configured the url-filter to block the facebook follow this, after this configure the test result is:
browse http://www.facebook.com  is blocked
browse https://facebook.com is ok

pattern-group facebook type keyword
description facebookKiller
pattern facebook
#
pattern-group taringa.net type url
description Pagina de prueba Bloqueo
pattern any taringa
pattern-group facebook type url
pattern any www.facebook.com/
#
url-filter category facebook
description the only page blocked is facebook
url-filter category taringa
#
url-filter policy facebookfilter
default action deny
blacklist group facebook
category user-defined name facebook action deny
category user-defined name taringa action deny
category user-defined move taringa after facebook
#
url-filter policy test
description test
blacklist group facebook
category user-defined move taringa after facebook
#
url-filter policy taringafilter
category user-defined move taringa after facebook
#
#
web-filter policy facebookpolicy
policy url-filter facebookfilter
sek-filter group facebook action alert
#
web-filter policy taringa
web-content upload file-size 102400 action block
web-content download file-size 102400 action block
Alarm Information
None
Handling Process
the URL Filtering cannot filter the https, only http.

if want to filter the https, need use the DPI function

so suggest customer add the dpi conifgure follow this:

1、
dpi enable

2、
dpi-policy test
policy default action permit
rule 0
rule enable
action deny
rule category Web_Browsing application Facebook   

3、
policy interzone trust online8a outbound

policy 1
  action permit
  policy source 172.27.0.12 mask 32
policy dpi test 

policy 2
  action deny
  policy logging
  policy source 172.27.0.12 mask 32
  policy web-filter taringa
Root Cause
1:the http://facebook.com is blocked, so the configure is ok.
2:https is different with http, that's the reason why https can pass
Suggestions
The Eudemon URL Filtering cannot filter the https, only support filter http.

END