- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-16-2020 04:57 AM
Hi All,
Hoping someone can help. I need a custom response page for URL Filtering. I know I need to use Javascript but that is not my forte so hoping can provide the inform for me. I need to produce two distinct page responses depending on the IP address the user comes from ie:
If they come from address range 10.0.0.0/8 a URL response page produces "Page Blocked for Security Reasons"
If they come from any other address range a URL response page produces "Page Blocked because we have the power to do so".
I understand it is a text file I need to upload, it's just the page construct I'm struggling with.
Thanks in advance
Adrian
07-19-2020 07:23 AM
Hi
I don't see that IP Address is a known variable in the URL filtering response page, if you want to try or just want the HTML file layout, download the current block page and edit it, then re-upload it:
1. Device->Response pages->click on 'URL Filtering and Category Match page'
2. Select predefined then 'export'
3. open text file with editor then import back.
4. Imported file will be called 'shared' and will be used.
Take a look here for more info and the
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/device/device-response-pages
Hope this help,
Shai
07-19-2020 12:49 PM
Hi @a.jones
Do you have user-id configured on that firewall? If not then the variable for the username will contain the IP address which you can then use in a javascript that will display the message like you need it.
07-20-2020 12:51 AM
Hi All,
Apologies I may need to add a bit more detail. The configuration contains multiple paths for different partners for a large wireless network. Each Partner has their own SSID and are assigned a specific subnet. Many share the same Response Page for their web traffic but we have a couple that want to have a different response page carrying their own Partner name. Whilst I cannot add multiple response pages and refer a partner to a specific response page I understand that using javascript I can assign a specific response based on the IP source of the user hence the original question.
Regards
Adrian
07-20-2020 01:19 AM
@a.jones what PAN-OS verison do you have installed?
07-20-2020 01:22 AM
About to upgrade to 8.1.15-h3.
We are going to 9 or 9.1 in late Sept/Early Oct.
Regards
Adrian
07-20-2020 01:41 AM
hi @a.jones
do you have user-id configured or not? and are the subnets all /24 subnets?
07-20-2020 02:19 AM
so in case you are not using user-id and you have /24 subnets you can use the following response page:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Web Page Blocked</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<meta name="viewport" content="initial-scale=1.0">
<style>
#content {
border:3px solid#aaa;
background-color:#fff;
margin:1.5em;
padding:1.5em;
font-family:Tahoma,Helvetica,Arial,sans-serif;
font-size:1em;
}
h1 {
font-size:1.3em;
font-weight:bold;
color:#196390;
}
b {
font-weight:normal;
color:#196390;
}
</style>
<script type="text/javascript">
function onload()
{
var ip = "<user/>";
var octets = ip.split(".");
var subnet = octets[0] + "." + octets[1] + "." + octets[2];
var title = document.getElementById("title");
var infotext = document.getElementById("infotext");
switch (subnet) {
case "10.0.0":
title.innerHTML = "Title 1";
infotext.innerHTML = "Infotext 1";
break;
case "10.0.1":
title.innerHTML = "Title 2";
infotext.innerHTML = "Infotext 2";
break;
case "10.0.2":
title.innerHTML = "Title 3";
infotext.innerHTML = "Infotext 3";
break;
}
}
</script>
</head>
<body bgcolor="#e7e8e9" onload="onload()">
<div id="content">
<h1 id="title">Web Page Blocked</h1>
<p id="infotext">Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.</p>
<p><b>User/IP:</b> <user/> </p>
<p><b>URL:</b> <url/> </p>
<p><b>Category:</b> <category/> </p>
</div>
</body>
</html>
The only thing you need to change is the statements in the switch statement according to your subnets and the title and text you want to display to the user.
08-23-2020 09:14 AM
Hi,
Apologies for no response. I had been in and out with suspected Covid symptoms for a few weeks.
I have tried this and whether I am doing something wrong.
I need the following IP subnets with the following response:
172.18.24.0/23 and 172.18.26.0/23 responde with
“Access to the web page you were trying to visit has been blocked in accordance with NNC filtering policy. Please contact the Complaints and Compliments team at NNC for more information or if you feel that the site you were attempting to view was inappropriately blocked.”
All other ips responded with:
“Access to the web page you were trying to visit has been blocked in accordance with Corp Partnering filtering policy. Please go to the Corp Partnering webpage for more information or if you feel that the site you were attempting to view was inappropriately blocked.”
This is a multi vsys Palo Alto and this particular vsys is the Public Wifi vsys. All Partners wifi traverses this vsys so there is no Userid but 2 partners want 2 specific subnets with a different response hence my issues.
Regards and thanks as always.
Adrian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!