Hi,
When you add this to a CPL layer:
<proxy>
url.domain="nasa.gov" trace.request(yes) trace.destination("Trace-log123")
<ssl>
url.domain="nasa.gov" trace.request(yes) trace.destination("Trace-log123")
and!!!
SSL-Interception is active:
You will find:
1. tcp://nasa.gov - this is the TCP-Handshake between Proxy and Webserver
2. ssl://nasa.gov - this is the SSL-Handshake, where Proxy and Webserver negotiate the ciphers, TLS version and certificate(s).
3. GET https://nasa.gov/path/index.html - This is the Download of Files/html etc. from the Webserver.
When SSL-Interception is switched off: you will only see the TCP and the SSL
When SSL-Detection is switched off: you should only see the TCP
Or:
When the default rule on your Proxy is set to deny - you would need to allow bypassed-traffic in the VPM/CPL - you could add a Trace-Log (trace.request(yes) trace.destination("bypass-log")) to this rule, that allows the bypass-traffic. (Ok this will also work with default on allow).
And in the other case: add a trace-log to the ssl-interception rule: (trace.request(yes) trace.destination("SSL-Intercepted"))
Original Message:
Sent: Jun 24, 2025 01:05 PM
From: Team INS
Subject: How to differentiate SSL Intercept and SSL Bypass in Policy Trace logs
Hi,
I've collected Policy trace logs and want to understand the SSL Intercept and SSL Bypass for the same URL.
Ex: krisp.ai application Policy trace logs collected for both SSL intercept and SSL Bypass.
Thank you in advance.
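
The rule of thumb from the reply above (tcp:// only, tcp:// plus ssl://, or all three including the https:// request) can be applied to a collected trace per host. This is an added example, not part of the original thread or of any Broadcom tooling; the sample lines are constructed and simplified, and only the URL shapes named in the reply are assumed to appear in the trace.

```python
import re
from collections import defaultdict

# Constructed, simplified sample: real policy traces carry many more fields.
# Only the transaction URL shapes described in the reply are assumed here.
SAMPLE_TRACE = """\
connect tcp://nasa.gov:443/
connect ssl://nasa.gov:443/
GET https://nasa.gov/path/index.html
connect tcp://bypassed.example:443/
connect ssl://bypassed.example:443/
connect tcp://tunnel.example:443/
"""

# Capture the scheme and the host part of each transaction URL.
URL_RE = re.compile(r"\b(tcp|ssl|https)://([^/:\s]+)", re.IGNORECASE)


def schemes_by_host(trace_text):
    """Return {host: set of schemes seen for that host in the trace}."""
    seen = defaultdict(set)
    for line in trace_text.splitlines():
        for scheme, host in URL_RE.findall(line):
            seen[host.lower()].add(scheme.lower())
    return seen


def classify(schemes):
    """Map the set of schemes seen for one host to the cases in the reply."""
    if "https" in schemes:
        return "intercepted"   # decrypted request is visible
    if "ssl" in schemes:
        return "ssl-only"      # handshake seen, interception off or bypassed
    if "tcp" in schemes:
        return "tcp-only"      # SSL detection off
    return "unknown"


def classify_trace(trace_text):
    return {h: classify(s) for h, s in schemes_by_host(trace_text).items()}


if __name__ == "__main__":
    for host, verdict in sorted(classify_trace(SAMPLE_TRACE).items()):
        print(f"{host:20} {verdict}")
```

Sending bypassed and intercepted traffic to separate trace destinations, as the reply suggests, removes the need for this inference because the trace file name then identifies the rule that matched.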