Tunneled protocol detection analyzes traffic to discover protocols that are tunneled over HTTP and HTTPS. Traffic that is allowed to tunnel over specific ports is also scanned. Such traffic is reported to Websense Web filtering for protocol policy enforcement. When tunneled protocol detection is enabled, scanning is performed on both inbound and outbound traffic, regardless of other scanning settings.
HTTP tunneling occurs when applications that use custom protocols for communication are wrapped in HTTP (meaning that standard HTTP request/response formatting is present) in order to use the ports designated for HTTP/HTTPS traffic. These ports are open to allow traffic to and from the Web. HTTP tunneling allows these applications to bypass firewalls and proxies, leaving a system vulnerable.
The tunneled protocol detection feature scans HTTP and HTTPS traffic and, when it detects a protocol, forwards it to Websense Web filtering for policy enforcement. At this point, a protocol is blocked or allowed based on policy definitions. This feature can be used to block protocols used for instant messaging, peer-to-peer applications, and proxy avoidance.