This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Multiple Response Pages

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Multiple Response Pages

Go to solution
BPry
Cyber Elite
Cyber Elite

‎06-07-2016 07:23 AM

Does anyone know of a way to make multiple response pages for different user groups. Specifically the URL Filtering and Category Match Block Page? 

Essentially what I'm trying to do is create two different responses; one that will tell you your request was blocked because of policy, and the other one will simply block the traffic and display a blank page that doesn't give the end user any notification that the category in question is actually being blocked.

 

0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
drogers
L3 Networker

‎04-17-2017 09:32 AM - edited ‎04-17-2017 09:32 AM

You can actually do this type of thing with a little javascript - here's an example script: 

 

<script type="text/javascript">
if ("<category/>" == "test") {
    window.location="http://www.google.com";
} 
</script>

If you insert that in the

<head>

section of your response page, any traffic that matches the category named 'test' will redirect to www.google.com.  

 

 

You can also match on user, file, rule name, etc...

View solution in original post

Go to solution
Brandon_Wertz
L6 Presenter
In response to drogers

‎04-19-2017 05:06 AM - edited ‎04-19-2017 05:08 AM

@drogers wrote:

You can actually do this type of thing with a little javascript - here's an example script: 

 

<script type="text/javascript">
if ("<category/>" == "test") {
    window.location="http://www.google.com";
} 
</script>

If you insert that in the

<head>

section of your response page, any traffic that matches the category named 'test' will redirect to www.google.com.  

 

 

You can also match on user, file, rule name, etc...

@drogers A coder is the last list of tricks in my bag so I'd hope to clarify something.  Currently a response page for block action is uploaded in code wholly contained in the firewall.  (images base-64 enconded and whatnot)

 

What you're writing here:

 

<script type="text/javascript">
if ("<category/>" == "test") {
window.location="http://www.google.com";
}
</script>

 

essentially category could be a custom URL value or some predefine URL cat like "malware?"  Right...This is "test"?

 

Then if category = "test" in this "response page" that's uploaded into the firewall the response page is actually a redirect to some other webpage / content? 

 

Am I understanding that correctly?  So this would mean we'd need some other web front end via apache / iis hosting these response pages / coding?

 

So:

 

"malware" could get fakedomain.com/malware

"blacklist" could get fakedomain.com/blacklist

"phishing" could get fakedomain.com/phishing

 

... And so on?

 

Thanks,

Brandon

 

--edit-- I hope my understanding is correct and I didn't just write that out all wrong.

View solution in original post

8 REPLIES 8

Go to solution
bmorris1
L4 Transporter

‎06-07-2016 07:42 AM

Hi,

 

Response pages are set globally rather than per policy, so you can't have a different response page based on user. If you don't want to have a response page shown then you can remove response pages from the interface mgmt profile.

 

Ben

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to bmorris1

‎06-07-2016 07:45 AM

Thanks Ben! That's what I was seeing but I wanted to make sure that I wasn't missing something. 

0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite

‎06-07-2016 07:49 AM

it's a bit like bringing a bulldozer to put in a nail, but you can have a unique response page per vsys, so a multi-vsys system can have several response pages

 

you can also load the content of the response page from a remote server which might allow you to work with access lists: Using a Custom Response Page to HTTP Redirect

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
drogers
L3 Networker

‎04-17-2017 09:32 AM - edited ‎04-17-2017 09:32 AM

You can actually do this type of thing with a little javascript - here's an example script: 

 

<script type="text/javascript">
if ("<category/>" == "test") {
    window.location="http://www.google.com";
} 
</script>

If you insert that in the

<head>

section of your response page, any traffic that matches the category named 'test' will redirect to www.google.com.  

 

 

You can also match on user, file, rule name, etc...

Go to solution
jsalmans
L4 Transporter
In response to drogers

‎04-18-2017 09:09 AM - edited ‎04-18-2017 09:09 AM

I'll second @drogers suggestion to checking out your options with javascript as this is how I'm dealing with my URL Filtering response page.  I stuck some javascript in there to utlize the variables Palo Alto generates to determine what type of page it hit (malware, phishing, etc) and then display the appropriate images/content.

Go to solution
Brandon_Wertz
L6 Presenter
In response to drogers

‎04-19-2017 05:06 AM - edited ‎04-19-2017 05:08 AM

@drogers wrote:

You can actually do this type of thing with a little javascript - here's an example script: 

 

<script type="text/javascript">
if ("<category/>" == "test") {
    window.location="http://www.google.com";
} 
</script>

If you insert that in the

<head>

section of your response page, any traffic that matches the category named 'test' will redirect to www.google.com.  

 

 

You can also match on user, file, rule name, etc...

@drogers A coder is the last list of tricks in my bag so I'd hope to clarify something.  Currently a response page for block action is uploaded in code wholly contained in the firewall.  (images base-64 enconded and whatnot)

 

What you're writing here:

 

<script type="text/javascript">
if ("<category/>" == "test") {
window.location="http://www.google.com";
}
</script>

 

essentially category could be a custom URL value or some predefine URL cat like "malware?"  Right...This is "test"?

 

Then if category = "test" in this "response page" that's uploaded into the firewall the response page is actually a redirect to some other webpage / content? 

 

Am I understanding that correctly?  So this would mean we'd need some other web front end via apache / iis hosting these response pages / coding?

 

So:

 

"malware" could get fakedomain.com/malware

"blacklist" could get fakedomain.com/blacklist

"phishing" could get fakedomain.com/phishing

 

... And so on?

 

Thanks,

Brandon

 

--edit-- I hope my understanding is correct and I didn't just write that out all wrong.

Go to solution
bradk14
L4 Transporter
In response to Brandon_Wertz

‎04-19-2017 06:57 AM - edited ‎04-19-2017 06:58 AM

I believe the redirect was just an example. you have all of javascript at your disposal (assuming the client browser is running javascript), so you can make it as complex or as simple as you wish.

 

but if you do take the redirect approach, yes, you'd have to provide your own server/sever side scripting.

--
CCNA Security, PCNSE7
0 Likes Likes

Go to solution
drogers
L3 Networker
In response to Brandon_Wertz

‎04-19-2017 08:55 AM

Brandon,

   Yes - in my example 'test' is a custom URL category that I used when I was validating this.  The example I was working out was actually for a customer that required a redirect to a 3rd party web server for quarantining users, but you could just as easily use the script to update the DOM to display a completely different set of text / layout based on the URL category.  Or you could do as your example pointed out and send users to different landing pages on your own web server.  Pretty much anything you can do with javascript can be done in place of the redirect in my script...

 

 

  • 2 accepted solutions
  • 8040 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks