Block page for security policy matches


Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

L1 Bithead

Block page for security policy matches

Is there a way to return a block page to users when their connection is blocked not by the URL-filter but by a security policy?


We have a security policy that blocks all outbound traffic to a list of foreign countries.  The problem is when users attempt to browse websites in these countries the traffic is blocked but the user doesn't receive any information about why it was blocked- the connection just times out.

IS there a way to send an HTML block page to users when the traffic is blocked?



L7 Applicator

If user tries to browse to website that is running on IP that is not permitted then this attempt is blocked before connection get's to HTTP.

Initial SYN packet gets tcp-rst back and connection is taken down.


What you can try is to:

Create top rule that permits traffic to your country IP addresses, application web-browsing, action allow.

Create second rule below it where destination is any, application is web-browsing and action is block.

And edit application response page.

If I were you I would add some Javascript to it so if application equals to web-browsing then show text "You are browsing to website hosted outside our country".


Enterprise Architect @ Cloud Carib
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!