This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

No Block Page when accessing Blocked Categories over HTTPS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No Block Page when accessing Blocked Categories over HTTPS

Bocsa
L3 Networker

‎04-28-2017 08:30 AM

Hi there,

I have recently noticed that when I test access to URLs of blocked categories over HTTPS, I do not get a 'Blocked Page' display from the Palo. It just says the Page Cannot be Displayed and show the connection was reset.

 

The URL filtering log correctly show as 'Block-URL' for the action. I just do not get a 'Block Page'. 

SSL decrypt is not configured.

 

How can I get a block page for blocked categories over HTTPS, without SSL Decrypt.

 

Your assistance is appreciated

0 Likes Likes
6 REPLIES 6

kiwi
Community Team Member

‎04-28-2017 08:57 AM

Hi @Bocsa,

 

Are you looking for this ?

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Serve-a-URL-Response-Page-Over-an...

 

Hope it helps.

-Kiwi

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!
0 Likes Likes

Bocsa
L3 Networker
In response to kiwi

‎04-28-2017 09:31 AM

Hi,

I had tried this earlier. It doesn't solve the problem. In my case all it did was give me a message saying 'The Connection to the Site is Not Trusted' (ie the standard message you get when accessing an SSL site without a Trusted Certificate.

 

I still do not get a 'Block Page'

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to Bocsa

‎04-28-2017 09:49 AM

@Bocsa,

The security warning could have been a few things:

1) The Forward Trust certificate wan't trusted by the client, this cert actually needs to be imported and trusted by the clients.

2) The site you were attempting to visit wasn't a trusted certificate, so it served the Forward Untrust cert.

 

You also need to enable the ability to inject the response pages within an HTTPS session which could also be the issue. Are you sure that you ran the 'set deviceconfig settting ssl-decrypt url-proxy yes'  command, without this setting then the device won't inject the response pages.

0 Likes Likes

Bocsa
L3 Networker
In response to BPry

‎05-03-2017 01:53 AM

''You also need to enable the ability to inject the response pages within an HTTPS session which could also be the issue''.....I'm not sure of what you mean by enable to ability to inject the response pages here.

 

Yes, I have put in the command 'set deviceconfig settting ssl-decrypt url-proxy yes'

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks