cancel
Showing results for 
Search instead for 
Did you mean: 

URL filtering custom block page and block page on HTTPS

olivier_turcot
New Contributor

Hello everyone,

I was trying the URL filtering yesterday and I had two issues I couldn't find any information in the documentation.
(I am using a ZD1200 running 10.4.0.0.70 firmware. I can upgrade the firmware if necessary to get new features.)


1- I couldn't find any way to customize the block page. Our environment requires me to have multiple languages on the block page and a link for users to open a ticket to request the page to be added to the whitelist. (Having our logo on the page would be good as well.) Does anyone know how to customize the block page?

2- The URL filtering works on both HTTP and HTTPS, but the block page only appears when browsing on HTTP, not HTTPS. Considering that most website/browser will automatically redirect to HTTPS, the users will never see the block page and will only see a browser error. Does anyone know how to have the block page appear on HTTPS?


Thanks,
Olivier

5 REPLIES 5

syamantakomer
Moderator
Moderator

Hi Olivier,

Block page is not customizable.

I will check if its possible to do in latest version.

For HTTPS block page, could you confirm, if controller has a CA signed cert or  not?

Also I think you should open a case with support, as they can reproduce the issue in lab and see if there is any issue with the feature.

Regards,
Syamantak Omer
Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

olivier_turcot
New Contributor

Hello,

Yes, the controller has a signed CA cert. (I imported the one that allow us to access the dashboard without any certificate issue. Is it the same?)

See the screenshot for the error I was getting on Firefox on HTTPS instead of the block page.

Image_ images_messages_6196aaa414a66e5df74feba0_017150c3d0781c692ea0df48e2dfaacb_firefox-944fa645-ec84-4ad3-b7c9-a852ba4fdac2-1600508748.jpg
Thanks,
Olivier

eizens_putnins
Valued Contributor

For my understanding, for pages which use HSTS, when any of the latest browsers receives unexpected page with different (even valid) SSL certificate - blocking page, it  blocks it, and I don't see any way around this.

Another thing is that having public certificate may be not enough (as ZD should be on internal network, it's private IP must be resolved by used DNS server as FQDN in certificate). For security reasons it is a very bad idea to have ZD on public address! Your internal DNS server should serve both ZD and clients...  But this should be working fine, as you mentioned that you can access dashboard without certificate warning.

olivier_turcot
New Contributor

Hello,

I can confirm it is not an HSTS issue nor a certificate issue. Our certificate is a public certificate and our internal DNS is correctly configured for the controller and client.

Labels