Multiple Response Pages

Cyber Elite


Does anyone know of a way to make multiple response pages for different user groups, specifically the URL Filtering and Category Match Block Page?

Essentially what I'm trying to do is create two different responses; one that will tell you your request was blocked because of policy, and the other one will simply block the traffic and display a blank page that doesn't give the end user any notification that the category in question is actually being blocked.

 




All Replies
L4 Transporter

Hi,

 

Response pages are set globally rather than per policy, so you can't have a different response page based on user. If you don't want to have a response page shown then you can remove response pages from the interface mgmt profile.

 

Ben

Cyber Elite

Thanks Ben! That's what I was seeing but I wanted to make sure that I wasn't missing something. 

L7 Applicator

It's a bit like bringing a bulldozer to put in a nail, but you can have a unique response page per vsys, so a multi-vsys system can have several response pages.

You can also load the content of the response page from a remote server, which might allow you to work with access lists: Using a Custom Response Page to HTTP Redirect

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
L3 Networker

You can actually do this type of thing with a little javascript - here's an example script: 

 

<script type="text/javascript">
if ("<category/>" == "test") {
    window.location="http://www.google.com";
} 
</script>

If you insert that in the <head> section of your response page, any traffic that matches the category named 'test' will redirect to www.google.com.

You can also match on user, file, rule name, etc...


L4 Transporter

I'll second @drogers' suggestion to check out your options with javascript, as this is how I'm dealing with my URL Filtering response page.  I stuck some javascript in there to utilize the variables Palo Alto generates to determine what type of page it hit (malware, phishing, etc) and then display the appropriate images/content.

Cyber Elite


@drogers wrote:

You can actually do this type of thing with a little javascript - here's an example script: 

 

<script type="text/javascript">
if ("<category/>" == "test") {
    window.location="http://www.google.com";
} 
</script>

If you insert that in the <head> section of your response page, any traffic that matches the category named 'test' will redirect to www.google.com.

You can also match on user, file, rule name, etc...


@drogers A coder is the last list of tricks in my bag so I'd hope to clarify something.  Currently a response page for block action is uploaded in code wholly contained in the firewall.  (images base-64 encoded and whatnot)

 

What you're writing here:

 

<script type="text/javascript">
if ("<category/>" == "test") {
window.location="http://www.google.com";
}
</script>

 

essentially category could be a custom URL value or some predefined URL cat like "malware?"  Right...This is "test"?

 

Then if category = "test" in this "response page" that's uploaded into the firewall the response page is actually a redirect to some other webpage / content? 

 

Am I understanding that correctly?  So this would mean we'd need some other web front end via apache / iis hosting these response pages / coding?

 

So:

 

"malware" could get fakedomain.com/malware

"blacklist" could get fakedomain.com/blacklist

"phishing" could get fakedomain.com/phishing

 

... And so on?

 

Thanks,

Brandon

 

--edit-- I hope my understanding is correct and I didn't just write that out all wrong.


L4 Transporter

I believe the redirect was just an example. You have all of javascript at your disposal (assuming the client browser is running javascript), so you can make it as complex or as simple as you wish.

But if you do take the redirect approach, yes, you'd have to provide your own server/server-side scripting.

--
CCNA Security, PCNSE7
L3 Networker

Brandon,

   Yes - in my example 'test' is a custom URL category that I used when I was validating this.  The example I was working out was actually for a customer that required a redirect to a 3rd party web server for quarantining users, but you could just as easily use the script to update the DOM to display a completely different set of text / layout based on the URL category.  Or you could do as your example pointed out and send users to different landing pages on your own web server.  Pretty much anything you can do with javascript can be done in place of the redirect in my script...
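
The approach discussed above (branching on the substituted category to redirect, blank the page, or show a notice), as an added example that is not code from any poster in this thread. The category names, landing URLs and the "reason" element id are assumptions; fakedomain.com is the placeholder host used earlier in the thread.

```javascript
// Added example. Category names, landing URLs and the "reason" element id are
// assumptions; fakedomain.com is the placeholder host used earlier in the thread.
const POLICY = Object.freeze({
  "malware":  { action: "redirect", target: "https://fakedomain.com/malware" },
  "phishing": { action: "redirect", target: "https://fakedomain.com/phishing" },
  "test":     { action: "silent" }  // block with no explanation shown
});
const DEFAULT_DECISION = Object.freeze({ action: "notice" });

// Map the substituted category to a decision. Redirect targets come only from
// the fixed table above; the category string is never concatenated into a URL.
function decideResponse(rawCategory) {
  const category = String(rawCategory || "").trim().toLowerCase();
  // Own-property check so names like "constructor" cannot match inherited keys.
  if (Object.prototype.hasOwnProperty.call(POLICY, category)) {
    return POLICY[category];
  }
  // Unknown category or an unsubstituted placeholder: show the normal notice.
  return DEFAULT_DECISION;
}

// Apply a decision. doc and win are passed in so the function can be tested
// with stand-in objects outside a browser.
function applyResponse(decision, category, doc, win) {
  if (decision.action === "redirect") {
    win.location.replace(decision.target);  // keeps the block page out of history
  } else if (decision.action === "silent") {
    doc.body.textContent = "";              // blank page; the firewall has already blocked
  } else {
    // textContent, not innerHTML, so the value is never parsed as markup.
    doc.getElementById("reason").textContent =
      "Blocked by policy. Category: " + category;
  }
  return decision.action;
}

// In the response page this runs inside a <script> element; the firewall
// replaces the placeholder below with the matched category name.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", function () {
    const category = "<category/>";
    applyResponse(decideResponse(category), category, document, window);
  });
}
```

Browsers with JavaScript disabled only ever see the page's static HTML, so the static body should carry whichever behaviour is acceptable as the fallback.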

 

 
