Messages - Belarrine

#1
A few things to check:

SSL Bump & RBL order: Make sure the SSL-Bump happens before the RBL filtering. If RBL checks occur before the bump, it may not correctly see the actual domain names and could block HTTPS connections erroneously.

SNI inspection: Some RBLs rely on SNI to identify domains during TLS handshakes. If your setup isn't properly inspecting SNI, it might misinterpret connections.

Certificate pinning / strict TLS: Banking sites often use certificate pinning. If "ssl ignore cert" is on, some apps might still reject the connection due to mismatched certificates, even if the domain isn't blocked.

RBL data formatting: Double-check the UT1 RBL file formatting. Sometimes extra lines, unexpected characters, or UTF BOMs can cause false positives in filtering.

Logging & packet capture: Enable full logging for the proxy and capture traffic when a site fails. This usually reveals whether the block is happening at the RBL check or due to SSL handling.

Most likely, the combination of SSL-Bump and RBL processing is causing false positives. Adjusting the filter order or using SNI-based exceptions for banking sites usually resolves it.
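A check for the "RBL data formatting" point above, as an added example that is not part of the original post: it lints a blocklist file for a UTF-8 BOM, CRLF endings, stray whitespace, blank lines, non-ASCII bytes, and entries that are not bare hostnames. The one-entry-per-line layout and the name `lint_domain_list` are assumptions, and the sample bytes are constructed.

```python
import re
import sys

BOM = b"\xef\xbb\xbf"
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample, not real UT1 data: BOM, CRLF, leading space,
# blank line, a URL, and a non-ASCII entry mixed with valid domains.
SAMPLE = (b"\xef\xbb\xbfads.example.com\r\n tracker.example.net\n\n"
          b"http://bad.example.org/x\nb\xc3\xa4nk.example\nok.example.org\n")

def lint_domain_list(raw: bytes):
    """Return (clean_domains, findings); findings are (line_no, problem)."""
    findings, clean = [], []
    if raw.startswith(BOM):
        findings.append((1, "UTF-8 BOM at start of file"))
        raw = raw[len(BOM):]
    lines = raw.split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # a single trailing newline is normal
    for no, line in enumerate(lines, start=1):
        if line.endswith(b"\r"):
            findings.append((no, "CRLF line ending"))
            line = line[:-1]
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            findings.append((no, "non-ASCII bytes"))
            continue
        entry = text.strip().lower()
        if not entry:
            findings.append((no, "blank line"))
            continue
        if entry != text.lower():
            findings.append((no, "leading/trailing whitespace"))
        # Every dot-separated part must be a valid label (IPv4 entries pass too).
        if all(LABEL.fullmatch(p) for p in entry.split(".")):
            clean.append(entry)
        else:
            findings.append((no, "not a bare hostname"))
    return clean, findings

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for no, problem in lint_domain_list(data)[1]:
        print(f"line {no}: {problem}")
```

Run it with the path to a category's domain file as the only argument; with no argument it lints the constructed sample.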