HTTPS response page

cancel
Showing results for 
Search instead for 
Did you mean: 

HTTPS response page

L4 Transporter

Dears,

 

I have created one custom response page(including image) that is for application block and URL block.

example:- If someone wants to access a restricted URL or application the page should be displayed on the customer screen.

 

I can see, once I apply the custom response page in the URL block page and application block page. then access the HTTP traffic the page display was showing properly, however, while accessing the HTTPS site not able to get the response page.

I have applied the SSL forward proxy decryption. and the traffic decrypted correctly.

 

Jafar_Hussain_0-1616934348405.png

 

Can anyone help me to achieve this?

 

16 REPLIES 16

@Chacko42 @nikoolayy1 

 

I modify to the default page and add an image to refer to these documents:-

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-f...

 

Jafar_Hussain_0-1617259630466.png

 

then i am getting the below block page that is expected.

 

Jafar_Hussain_1-1617259684676.png

 

but the custom page that is created by my team is not working.

We mentioned this that you need to check if the custom page for example uses img tag that gets the image from a server URI, where HTTP is allowed but HTTPS is not allowed by the server or the firewall or other security policy. I think you need to check this with your team that made the custom page.

 

 

Use F12 devtools or HTTPWatch or Fiddler to check the code for the response page as I think the Palo Alto or web blowser automatically change for example:

 

 

<img src="http://www.w3schools.com/images/lamp.jpg" alt="Lamp" width="32" height="32">

 

 

TO

 

 

<img src="https://www.w3schools.com/images/lamp.jpg" alt="Lamp" width="32" height="32">

 

 

As it was said better host images and so on things on the Palo Alto firewall than making the user to connect to a server for the image of the custom page and as you see you will not have such issues.

 

 

Any update on this and if you managed to resolve it?

@nikoolayy1 

 

Nope, our server team is checking.

L0 Member

Have you found a solution? We are facing the same issue here.

 

We decrypt all traffic. The response page works fine for http but for websites with ssl the browser identifies an unsecure connection although we have a valid certificate installed. I tried already all the ideas mentioned before, but it is still not working.

The browser shows redirection issues. For ebay.de the response page starts with: 'https://2.18.234.244:6081/php/urladmin.php?args=AAAAaQAAABBAJiCETo.....' .

Cyber Elite
Cyber Elite

Maybe you have ssl certificate issues as the hostname is 2.18.234.244 as this should match the CN and the CA could be self signed and not public? Also on the firewall have you allowed port 6081 for ssl/web-blowsing by creating a custom service?

 

@HolgerKrause Looks like there are also authentication policy rules involved in this. This website on port 6081 belongs to captive portal and not to a response page for a blocked website or application

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!