"denied" page


#1

Hi all

it would be nice to have a “denied” page to be used when filters block a site using filters…


#2

We are looking into this and will update when more info is available. Thanks.


#3

We are targeting to have this on 6.3.2 which is scheduled within Q2. The “denied” page is going to look like below capture:


Thanks,
Eddy


#4

Hi all

this feature is available and works fine for sites on http (DPT=80) but doesn’t work for https (DPT=443)

I’m on BR1, firmware 6.3.2 build 2158

Step to reproduce:

  1. enable all filters (or, at least, the “Update sites” category)
  2. from a client behind the router, try to browse to http://support.apple.com

you’d get something like (expected behaviour):


  1. now try to surf to https://support.apple.com
    and you get

in the first case, in syslog I see:
Jul 28 13:01:49 2932-c98a-d227 URL Logging: Domain <support.apple.com> has been blocked by content filter category <updatesites>
Jul 28 13:01:49 2932-c98a-d227 URL Logging: URL=http://support.apple.com/ SRC=192.168.50.15 DST=23.32.10.110 SNATIP=10.0.0.174 SRCMAC=9c:b7:0d:c9:a1:db SPT=52151 DPT=80

in the second:
Jul 28 13:18:56 2932-c98a-d227 URL Logging: Domain <support.apple.com> has been blocked by content filter category <updatesites>
Jul 28 13:18:56 2932-c98a-d227 URL Logging: SSLCERT=support.apple.com SRC=192.168.50.15 DST=23.32.10.110 SNATIP=10.0.0.174 SRCMAC=9c:b7:0d:c9:a1:db SPT=52245 DPT=443

is it the expected behaviour?
is it a bug?

TIA


#5

Thanks for the catching! Let me check with the team whether this can be improved.


#6

Hi

thank you for your attention… may I suggest to apply the denied page to locally/manually blacklisted sites/domains?

actually, a blacklisted domain gives the same result as an https blocked site (see above)

I’d like my users knows that they can’t go on a site and not think that something is wrong with their/our connection (the second page let them ask for help “hey, internet is not working here!”)

TIA


#7

We can’t inject the block page if there is an HTTPS connection. This is a common problem and happened to all the products in the market. We will see how we can improve there. Below is the URL links for the similar problem on other products.

https://www.websense.com/support/article/kbarticle/Block-pages-for-HTTPS-connections-are-not-displayed


#8

well, I guess it won’t be feasible without a MITM approach, which I don’t like at all

anyway, can the denied page be shown on locally blacklisted domains?


#9

You will see the same behavior with locally blacklisted domains with HTTPS connection.


#10

Content filter redirects to the 8183 port, would be great if I could customize the page with a play-able mov file of my choice.


Redirect Content Filter