A growing subset of Web traffic uses HTTPS to create an encrypted tunnel. Regulations often require all Intranet and ASP applications handling sensitive data to use encryption. Traditional (HTTP) proxies can not cache encrypted traffic; hence provide no acceleration, control or bandwidth savings for SSL applications.
HTTPS Proxy are specifically designed to decrypt, apply policy, cache and re-encrypt SSL traffic. As a result, HTTPS Proxy can transparently monitor, control and accelerate SSL traffic. HTTPS Proxy can also apply malware scanning and content filtering to inhibit phishing, spyware and computer viruses hiding inside encrypted tunnels.
There are privacy concerns with SSL proxy. In essence, the IT department is conducting a Man-in-the-middle attack, potentially exposing sensitive corporate information, personal online banking information, etc. Countries such as Sweden have very strong privacy laws, which may require the HTTPS Proxy to handle corporate information with different policy than personal traffic. Content filtering can differentiate this traffic. Additional compromise policy options include caching GIF and JPEG objects (which typically are user interface elements and lack confidential data), but exclude from caching HTML and TXT traffic.
Sometimes the term "SSL proxy" also refers to CGI web proxies that are accessible via encrypted SSL connections. In this case, SSL adds an extra layer of security on top of the CGI proxy system, lessening the chance of data interception.
