ProxySG & Advanced Secure Gateway

 Domain Fronting Attack Detection Feature on Edge SWG

Jump to  Best Answer
Alex Loo's profile image
Alex Loo posted Dec 11, 2024 08:26 AM

I refer to KB https://knowledge.broadcom.com/external/article/173281/domain-fronting-attack-detection-feature.html .

Do I need to enable SSL intercept in order to implement the Domain Fronting Detection feature?

Tyler's profile image
Broadcom Employee Tyler posted Dec 11, 2024 12:30 PM  Best Answer

Hello Alex, 

Anything that is inside of a TLS encrypted inside of a TLS encrypted flow would need to be decrypted in order to apply policy against it. 

The CONNECT request is not encrypted because it's over HTTP. However, anything you want to compare the CONNECT request to that would be inside of the encrypted flow will not work unless the traffic is fully SSL decrypted. SSL Interception would be a requirement for that.