In the report logs, a category which is supposed to be blocked is 'Allowed' with the scheme as 'tcp ://'
In the report logs, if you could see the allowed requests are with 'tcp://' scheme. These are the initial TCP hand-shake request that hits the proxy when the user tries to access any HTTPS site. The proxy will detect the protocol and then pass the request to SSL proxy (ssl:// scheme) and once SSL interception is completed you will see https://
The tcp:// requests will be 'Allowed' to always complete protocol detection and SSL interception. At this stage (tcp://), the proxy is not sending the request out to the internet. It is only trying to detect the underlying protocol and complete the interception.
Subscribing will provide email updates when this Article is updated. Login is required.