Hello,
I'd like to create an app that would allow me to block an HTTPS URL. I run ssl-proxy and it works, as I can see the substituted SSL certificate (my SRX1500 does the substitution). But the rule won't go. Here it is:
    rule block-youtube-url {
        match {
            dynamic-application app1;
        }
        then {
            deny;
        }
    }
    default-rule {
        permit;
    }
The custom app is defined like this:
    show services application-identification application app1
    over HTTP {
        signature s1 {
            member m02 {
                context http-url-parsed;
                pattern ".*youtube\.com\/watch.*";
                direction client-to-server;
            }
        }
    }
and then this is all applied to the policy like this:
    match {
        source-address tests;
        destination-address any;
        application [ junos-https junos-http ];
    }
    then {
        permit {
            application-services {
                ssl-proxy {
                    profile-name ssl-inspect;
                }
                application-firewall {
                    rule-set test2;
                }
            }
        }
        log {
            session-close;
        }
    }
By running the show command I see that traffic hits only the default-rule (permit), not the app1 rule. If I try some built-in rules, they work. I can deny Skype etc., but not the custom one. I know that I might be doing it wrong, but I would like you guys to help me.
PS
I've followed this article (it's a bit old, but the point is the same).
PPS
And YouTube is only for testing purposes, I DON'T want to block it.