Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-23-2017 03:51 AM
Hi
I am looking to be able to redirect users to a set page within a website when they visit the homepage
For example user goes to https://www.facebook.com I want them to be automatically redirected to https://www.facebook.com/PaloAltoNetworks/
I have tried using a custom response Page and url category but this just gets into a nasty loop
If anyone could help that would be excellant
Thanks
06-23-2017 05:57 AM
Some sites just are not going to play well with this at all, it's one of those few instances where the best response is "abandon all hope ye who enter here". I don't think you are going to be able to get this to work consistently.
06-23-2017 05:57 AM
Some sites just are not going to play well with this at all, it's one of those few instances where the best response is "abandon all hope ye who enter here". I don't think you are going to be able to get this to work consistently.
06-23-2017 08:05 AM
redirects are not supported as such
you can jury-rig a response page but this will only trigger the same response page if you point to the same hostname and you can only have one response page
you could try using a DNS proxy and poisoning DNS queries and redirecting to internal machines
06-23-2017 01:28 PM
It is not officially supported but ...
I see a chance to do this with javascript on the response page.
only with that it will not be done completely. You will also need different security rules to make sure that only specific websites will present the response page while the one you redirect to need to be allowed without response page ...
for example:
06-23-2017 01:33 PM
I would preference this with a warning that if you do this Chrome will likely through security complaints, Firefox will likely also, of course IE and Edge will likely not care.
06-24-2017 02:14 AM
What exactly do you mean with the mentionned warning?
I shortly tried with a local html file (not as response page). At least there with chrome 59 and firefox 54 the redirect works without issues. Ok, the respone page is shortly visible, but this you can customize with a text like "redirecting in 3, 2, 1 ..." (or something which makes more sense 😛
I will try this shortly at the beginning of next week if it works the same way when actually presented by the firewall as response page
06-26-2017 06:32 AM
I know that chrome seems to know exactly where popular sites like facebook or something like that should resolve; getting in the way of it actually resolving to that site can cause issues and get a error about the traffic potentially getting intercepted.
06-26-2017 06:54 AM
Thanks everyone for your suggestions
I was thinking what I wanted to do couldn't be done without a lot of messing around with DNS and page redirects
Will just go back to management and say that it cannot be done easily
Thanks again
06-26-2017 10:21 AM - edited 06-26-2017 10:43 AM
FYI: The method with the javascript redirect works better than expected - no warning in chrome and firefox - and is really easy to implement.
Simply go to www.facebook.com and you will be redirected to www.facebook.com/paloaltonetworks - or wherever you want do redirect your users to.
With javascript it is even possible to customize this even more:
user opens facebook.com --> redirect to facebook/paloaltonetworks
user opens bing.com --> redirect to google.com
with the user-id data you can even create user-based redirects (but keep in mind that the javascript can be viewed by everyone who gets to the response page) or ip network based redirects. Another case would be redirects based on (custom) url categories.
While you already have a lot of possibilities with the integrated response pages, such a redirect to your own webserver gives you even more possibilities - countless possibilities because there you don't have any space or whatever limitations because you do not have the full control over the webserver which runs on the firewall.
Definately something I have to add to my to do list 😉
06-26-2017 10:25 AM
@Remo wow thanks for the update
Sorry but dont know much regarding javascript, how have you done this. i assume by creating a webpage and uploading this to the palo?
06-26-2017 01:32 PM
Yes, in my (lab) test I exported the default block response page and there I added a little script in the head-section of the html. In this script (because I simply wanted to test your mentionned facebook example) I had only one line: window.location.replace ("https://www.facebook.com/paloaltonetworks");
With this one line (and the needed security policies) I was able to browse to facebook.com where this block page was shown and there this redirect-script was triggered by atting an onload attribut to the htnl body tag.
Now in your case of course a little more customizing will be needed. I assume you also use the url block page for siguations where you do not want a redirect right?
So the script needs to either contain an if-then or switch-case function to make sure the redirect will only be triggered on the websites you want. So you need to pass the actual URL into a javascript variable to further process it. In addition, this block page is visible for <2 seconds. So for the user its better to show something else that the block page when the redirect is initiated.
Ok, if you've done not much with javascript now it sounds a little more complicated but it really isn't.
So if your still interessted I will shortly create what I described here and post it when it's done.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
