O

3 Messages

 • 

90 Points

Thu, Nov 18, 2021 6:05 PM

URL filtering custom block page and block page on HTTPS

Hello everyone,

I was trying the URL filtering yesterday and I had two issues I couldn't find any information in the documentation.
(I am using a ZD1200 running 10.4.0.0.70 firmware. I can upgrade the firmware if necessary to get new features.)


1- I couldn't find any way to customize the block page. Our environment requires me to have multiple languages on the block page and a link for users to open a ticket to request the page to be added to the whitelist. (Having our logo on the page would be good as well.) Does anyone know how to customize the block page?

2- The URL filtering works on both HTTP and HTTPS, but the block page only appears when browsing on HTTP, not HTTPS. Considering that most website/browser will automatically redirect to HTTPS, the users will never see the block page and will only see a browser error. Does anyone know how to have the block page appear on HTTPS?


Thanks,
Olivier

Official Rep

 • 

1.3K Messages

 • 

17.7K Points

11 d ago

Hi Olivier,

Block page is not customizable.

I will check if its possible to do in latest version.

For HTTPS block page, could you confirm, if controller has a CA signed cert or  not?

Also I think you should open a case with support, as they can reproduce the issue in lab and see if there is any issue with the feature.

3 Messages

 • 

90 Points

11 d ago

Hello,

Yes, the controller has a signed CA cert. (I imported the one that allow us to access the dashboard without any certificate issue. Is it the same?)

See the screenshot for the error I was getting on Firefox on HTTPS instead of the block page.

Thanks,
Olivier

473 Messages

 • 

5.8K Points

8 d ago

For my understanding, for pages which use HSTS, when any of the latest browsers receives unexpected page with different (even valid) SSL certificate - blocking page, it  blocks it, and I don't see any way around this.

Another thing is that having public certificate may be not enough (as ZD should be on internal network, it's private IP must be resolved by used DNS server as FQDN in certificate). For security reasons it is a very bad idea to have ZD on public address! Your internal DNS server should serve both ZD and clients...  But this should be working fine, as you mentioned that you can access dashboard without certificate warning.

(edited)

3 Messages

 • 

90 Points

3 d ago

Hello,

I can confirm it is not an HSTS issue nor a certificate issue. Our certificate is a public certificate and our internal DNS is correctly configured for the controller and client.

3 Messages

 • 

90 Points

@olivier_turcot 

Imagine a hacker hacking a Starbucks router and redirecting your https connection to their page.
Notification page cannot be displayed in https connection.

That's a secure connection.

Important Announcement