https://blog.mishraji.org/tags/dlp/ Recent content in Dlp on mishraJi Hugo en-us Mon, 09 Mar 2026 00:00:00 +0000 https://blog.mishraji.org/posts/cloudflare-ztna-part-2/ Mon, 09 Mar 2026 00:00:00 +0000 https://blog.mishraji.org/posts/cloudflare-ztna-part-2/ <p>In <a href="https://blog.mishraji.org/posts/cloudflare-ztna-part-1/">Part 1</a>, we enabled TLS inspection to get HTTP policies working against HTTPS traffic — that&rsquo;s how we blocked social media sites on port 443. We got it working, but I didn&rsquo;t really explain <em>what</em> TLS inspection is actually doing under the hood. Let&rsquo;s fix that.</p> <p>TLS inspection is essentially a man-in-the-middle. When your device initiates an HTTPS connection, Cloudflare Gateway intercepts it, terminates the TLS session, decrypts the traffic, inspects it, and re-encrypts before forwarding to the destination. Same thing in reverse on the way back. The Cloudflare root CA certificate we installed on the client device is what makes this work without your browser throwing certificate errors on every page.</p>