11-18-2021 10:05 AM
I was trying the URL filtering yesterday and I had two issues I couldn't find any information in the documentation.
(I am using a ZD1200 running 10.4.0.0.70 firmware. I can upgrade the firmware if necessary to get new features.)
1- I couldn't find any way to customize the block page. Our environment requires me to have multiple languages on the block page and a link for users to open a ticket to request the page to be added to the whitelist. (Having our logo on the page would be good as well.) Does anyone know how to customize the block page?
2- The URL filtering works on both HTTP and HTTPS, but the block page only appears when browsing on HTTP, not HTTPS. Considering that most website/browser will automatically redirect to HTTPS, the users will never see the block page and will only see a browser error. Does anyone know how to have the block page appear on HTTPS?
11-18-2021 11:16 AM
Block page is not customizable.
I will check if its possible to do in latest version.
For HTTPS block page, could you confirm, if controller has a CA signed cert or not?
Also I think you should open a case with support, as they can reproduce the issue in lab and see if there is any issue with the feature.
11-18-2021 11:33 AM
Yes, the controller has a signed CA cert. (I imported the one that allow us to access the dashboard without any certificate issue. Is it the same?)
See the screenshot for the error I was getting on Firefox on HTTPS instead of the block page.
11-21-2021 09:07 AM
For my understanding, for pages which use HSTS, when any of the latest browsers receives unexpected page with different (even valid) SSL certificate - blocking page, it blocks it, and I don't see any way around this.
Another thing is that having public certificate may be not enough (as ZD should be on internal network, it's private IP must be resolved by used DNS server as FQDN in certificate). For security reasons it is a very bad idea to have ZD on public address! Your internal DNS server should serve both ZD and clients... But this should be working fine, as you mentioned that you can access dashboard without certificate warning.
11-26-2021 11:09 AM
I can confirm it is not an HSTS issue nor a certificate issue. Our certificate is a public certificate and our internal DNS is correctly configured for the controller and client.