Custom Response Page

Reply
Highlighted
L3 Networker

Custom Response Page

Hi All,

 

Hoping someone can help. I need a custom response page for URL Filtering. I know I need to use Javascript but that is not my forte so hoping can provide the inform for me. I need to produce two distinct page responses depending on the IP address the user comes from ie:

If they come from address range 10.0.0.0/8 a URL response page produces "Page Blocked for Security Reasons"

If they come from any other address range a URL response page produces "Page Blocked because we have the power to do so".

 

I understand it is a text file I need to upload, it's just the page construct I'm struggling with.

 

Thanks in advance

 

Adrian

Highlighted
L3 Networker

Hi

 

I don't see that IP Address is a known variable in the URL filtering response page, if you want to try or just want the HTML file layout, download the current block page and edit it, then re-upload it:

 

1. Device->Response pages->click on 'URL Filtering and Category Match page'

2. Select predefined then 'export'

3. open text file with editor then import back.

4. Imported file will be called 'shared' and will be used.

 

Take a look here for more info and the

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/device/device-response-pages

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/customize-the-url-filtering-...

 

Hope this help,

Shai

Highlighted
Cyber Elite

Hi @a.jones 

Do you have user-id configured on that firewall? If not then the variable for the username will contain the IP address which you can then use in a javascript that will display the message like you need it.

Highlighted
L3 Networker

Hi All,

 

Apologies I may need to add a bit more detail. The configuration contains multiple paths for different partners for a large wireless network. Each Partner has their own SSID and are assigned a specific subnet. Many share the same Response Page for their web traffic but we have a couple that want to have a different response page carrying their own Partner name. Whilst I cannot add multiple response pages and refer a partner to a specific response page I understand that using javascript I can assign a specific response based on the IP source of the user hence the original question.

 

Regards

 

Adrian

Highlighted
Cyber Elite

@a.jones what PAN-OS verison do you have installed?

Highlighted
L3 Networker

About to upgrade to 8.1.15-h3.

 

We are going to 9 or 9.1 in late Sept/Early Oct.

 

Regards

 

Adrian

Highlighted
Cyber Elite

hi @a.jones 

do you have user-id configured or not? and are the subnets all /24 subnets?

Highlighted
Cyber Elite

so in case you are not using user-id and you have /24 subnets you can use the following response page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
		<title>Web Page Blocked</title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
		<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
		<meta name="viewport" content="initial-scale=1.0">
		<style>
		  #content {
			border:3px solid#aaa;
			background-color:#fff;
			margin:1.5em;
			padding:1.5em;
			font-family:Tahoma,Helvetica,Arial,sans-serif;
			font-size:1em;
		  }
		  h1 {
			font-size:1.3em;
			font-weight:bold;
			color:#196390;
		  }
		  b {
			font-weight:normal;
			color:#196390;
		  }
		</style>
		<script type="text/javascript">
			function onload()
			{
				var ip = "<user/>";
				var octets = ip.split(".");
				var subnet = octets[0] + "." + octets[1] + "." + octets[2];
				var title = document.getElementById("title");
				var infotext = document.getElementById("infotext");
				switch (subnet) {
					case "10.0.0":
						title.innerHTML = "Title 1";
						infotext.innerHTML = "Infotext 1";
						break;
					case "10.0.1":
						title.innerHTML = "Title 2";
						infotext.innerHTML = "Infotext 2";
						break;
					case "10.0.2":
						title.innerHTML = "Title 3";
						infotext.innerHTML = "Infotext 3";
						break;
				}
			}
		</script>
	</head>
	<body bgcolor="#e7e8e9" onload="onload()">
		<div id="content">
			<h1 id="title">Web Page Blocked</h1>
			<p id="infotext">Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.</p>
			<p><b>User/IP:</b> <user/> </p>
			<p><b>URL:</b> <url/> </p>
			<p><b>Category:</b> <category/> </p>
		</div>
	</body>
</html>

The only thing you need to change is the statements in the switch statement according to your subnets and the title and text you want to display to the user.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!