ProxySG & Advanced Secure Gateway

We are doing content filtering with the BlueCoat Proxy as well as doing SSL intercept with it. 

We've been attempting to block Hulu and Netflix for a while now. Unfortunatley we're not getting the results we're expecting. 

If I do https://hulu.com we get the blocked content page as we would expect. However as soon as we type https://www.hulu.comthe site loads and functions as normal. 

When adding the www to the URL I notice it does pull in a bunch of content servers which we also added to the block list but the site still loads. We tried the Application Control feature of Bluecoat and checking the Hulu box but still no affect at all and the site is still accessible. 

Looking for insight from others that have successfully blocked these sites for HTTPS as well as HTTP. 

Hi Zach,

can you share the CLI Code that you've applied to block the site on Web Access Layer?

Best Regards,

Eric Halim

This is what's in the web policy:

client.address="Networks" category="TV-Streaming Blocklist" exception(user_defined.blocked_site)

    condition="TV-Streaming Apps" client.address="Networks" exception(user_defined.blocked_site)

define category "TV-Streaming Blocklist"

    //twitch.tv/ 

    //www.hulu.com/watch 

    //www.hulu.com/site-player 

    //hulu.com/ 

    //hulustream.com/ 

    //huluedgecast.com/ 

    //huluqa.com/ 

    //san.huluqa.com.edgekey.net/ 

    //netflix.com/ 

    //nflximg.com/ 

    //nflximg.net/ 

    //nflxext.com/ 

    //nflxext.net/ 

    //nflxvideo.net/ 

end

define condition "TV-Streaming Apps"

    url.application.name=Hulu

    url.application.name=Netflix

    url.application.name="Twitch TV"

end

Also Tried this in the CPL:

  Policy to block Netflix - Begin

<proxy>

server_url.host.substring=netflix deny

server_url.host.substring=nflximg deny

server_url.host.substring=nflxext deny

server_url.host.substring=nflxvideo deny

;  Policy to block Netflix - End

;  Policy to block Hulu - Begin

<proxy>

server_url.host.substring=hulu deny

server_url.host.substring=hulustream deny

server_url.host.substring=huluedgecast deny

server_url.host.substring=huluqa deny

;  Policy to block Hulu - End

Hi Zach,

                  What is your deployment mode ? For explicit users, the above list should block the access if the request is hitting these DENY rules and no other ALLOW rules in later layer. If you are using transparent proxy, the above block rules might not be enough due to https. Also in transparent SSL Interception only will make the proxy to see the domain name etc to apply the above block. If you are not performing SSL Interception, we will need to try block bsaed on IP address. Please comment on your deployment mode.

We are currently use transparent proxy with SSL intercept

Hi Zach,

how about changing the action from deny to FORCE deny?

Best Regards,

Eric Halim

Unfortunately no luck with the FORCE deny. Still was able to get to https://www.hulu.com

Hi Zach,

can you share the output for this command "show proxy-services services name HTTPS" on CLI?

Best Regards,

Eric Halim