https firefox

how can i prevent users from going to sites using https in firefox?
I have a sophos proxy set but for some reason even when i put the settings for all ports the users can goto https://www.google.com
but are blocked with http://www.google.com
same with facebook and so on

i want to disable all https access except sites specifically allowed please help.  Settings work just fine in internet explorer.
bbimisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
Disable connection to port 443?
0
btanExec ConsultantCommented:
strange why disable all https ...unless you want to inspect non ssl traffic but that is not good practice per se wrt to do inspection in such restrictive scheme to have all traffic be http....shouldnt it be the other way round instead. HTTP Strict Transport Security (HSTS) @ https://www.owasp.org/index.php/HTTP_Strict_Transport_Security or HTTPS everwhere @ https://www.eff.org/HTTPS-EVERYWHERE enforced all traffic to be https
0
bbimisAuthor Commented:
well i only want to allow certain addresses and the loophole is to go to the https version of the site. again it blocks in ie but not firefox.
0
gheistCommented:
There is no loophole. It is agreement between user of site and site to communitcate security. If you intend to install SSL visibility device you need to inform users, make sure they agree, and take responsibility if something goes foul.
0
btanExec ConsultantCommented:
first off, blocking https is not doing good as it is still solving your issue as user can still passed to evade detection in other encrypted tunnel etc, unless you have a total lockdown client machine and with proxy set to go to specific route and proxy. I digress but the point is this is not recommended security practice for the org to go into and a false sense of security.

FF does not use the same proxy setting as IE and Chrome. The latter two uses the same proxy setting. So setting the proxy for IE and Chrome, need to be configured for FF as well. The FF proxy settings are separate from the Internet Explorer proxy settings. You cannot stop a determined user to bypass proxy hence network side also need to ensure single same outbound proxy connection internally minimally...

indeed not that straightforward which is why user and mgmt support is needed. they need to see your value contribution and you should not shortchange your approach unless the risk is well understood ...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.