Aiprotection for HTTPS sites.


podkaracz

Guest
So AiProtection is useless when it comes to HTTPS sites, that's what I've seen, as it can't inspect encrypted traffic. So if 95% of the websites that I visit are HTTPS, is there a point in having it on? Also, is there an equivalent of AiProtection that can somehow react to what's happening when malware shows up on an HTTPS website?
 
The whole point of HTTPS is the encryption. If any system like AiProtection could read the content of HTTPS sites, then the security is lost and HTTPS would become pointless.

You could turn off the site inspection in AiProtection and keep the other features. Personally, when I used an ASUS router I stopped using it, as it never did anything at all.

Quad9 DNS will keep you away from known malicious sites.
 
I do not know specifically what AiProtection does, but technically it would be possible to inspect HTTPS traffic. Large companies have systems that do that.
 
> I do not know specifically what AiProtection does, but technically it would be possible to inspect HTTPS traffic. Large companies have systems that do that.

Not sure how that can happen seeing as the traffic is encrypted end to end.

I work for a large corporation and the way their proxy works is to filter the traffic in and out of the office by classification of URLs/IPs.
The system allows the administrators to specify which classifications are and are not allowed to go through the proxy.
Thus is blocked at the request, not based on the content of the actual traffic.
 
> Not sure how that can happen seeing as the traffic is encrypted end to end.

Usually with their own SSL certificates and basically MITM to inspect HTTPS traffic. Some governments use that to police their population's activity on the internet. Plenty of companies use that to control access to their networks.
 
> Not sure how that can happen seeing as the traffic is encrypted end to end.
>
> I work for a large corporation and the way their proxy works is to filter the traffic in and out of the office by classification of URLs/IPs.
> The system allows the administrators to specify which classifications are and are not allowed to go through the proxy.
> Thus is blocked at the request, not based on the content of the actual traffic.

If it uses a transparent proxy, it can grab the SNI header from HTTPS packets when they initiate the conversation, which includes the remote IP/URI.

Before I switched to opnsense, my AiProtection picked up a handful of things and blocked them. Of course when you're looking for malware, it better detect it.

I'm pretty sure aiprotect does SNI peeking and DNSBL blocking. I never really studied it that deep.
 
