A selective proxy analyzes risky web traffic. It examines the domain and full URL of each request to determine whether the request is risky.
This graphic illustrates how the proxy functions in a network:
This graphic does not illustrate how SIA Proxy behaves when it's configured on a network with an on-premises proxy.
The corporate resolver forwards requests to SIA. Requests are forwarded to the SIA network in the closest geographical region. When Selective Proxy is set as the operating mode or as the mode for mobile traffic in a policy, SIA DNS directs requests to SIA Proxy. The IP address of the SIA proxy server is then cached in the resolver and all suspicious traffic is forwarded to the proxy.
With the selective proxy, SIA Threat Intelligence detects that a domain contains a suspicious URL. Traffic to risky domains is sent to SIA Proxy. However, only specific known threat URLs are blocked, monitored, or analyzed in accordance with the established policy. If a website is not a suspected threat or its category is assigned the Bypass action, it bypasses the proxy. For example, in the graphic above, the safe website is not inspected by the SIA proxy and the request is resolved.
A number of checks are performed to determine how suspicious traffic is handled:
SIA confirms that the request comes from an IP address that is registered as a location for your organization. If the IP address is unknown, the request is dropped.
If the IP address is known, the destination port is checked to confirm that port 443 or 80 is used. If these ports are not used, traffic is dropped.
For port 443, the TLS Server Name Indication (SNI) value is extracted and SIA connects to the origin server with that hostname.
For port 80, traffic is likely HTTP. SIA extracts the hostname from the Host header in the HTTP request.
If the hostname cannot be extracted or identified, the end user is shown an error page.
If your network already contains an on-premises proxy, the SIA proxy can work with the internal proxy without requiring significant changes to your network. For more information, see Support of an on-premises HTTP forward proxy.