topic yes, but I am really just in Network Security

SSL Block Page work around

kenny.cacka — Tue, 12 Mar 2019 12:51:27 GMT

I know that sourcefire can't natively throw up a block page on SSL encrypted pages, but does anyone know of a work around?

Are you saying you want to

Philip D'Ath — Thu, 31 Dec 2015 23:15:21 GMT

Are you saying you want to block all https traffic? If so just tell the ASA to do this.

Hi,

ankojha — Sun, 03 Jan 2016 16:26:25 GMT

Hi,

If you are running the latest version 6.0, since the ssl decryption feature is added , you

can enable it and set the action to interactive block for your requirement.

Rate if it helps.

Thanks,

Ankita

The only catch with using

Philip D'Ath — Sun, 03 Jan 2016 20:55:43 GMT

The only catch with using this feature is you have to be able to put a trusted CA certificate on every machine and device that sits behind SourceFire to make it work. This can be quite prohibitive sometimes.

Sorry guys, I should have

kenny.cacka — Mon, 04 Jan 2016 22:24:20 GMT

Sorry guys, I should have been more clear. I know that you can block SSL pages, however when it gets blocked, it does not put up a response page saying something like "This page is unauthorized, please contact your administrator." Which, as you know, you get a page like that when it is just regular http traffic. I hope this makes sense.

yes, but I am really just

kenny.cacka — Mon, 04 Jan 2016 22:25:24 GMT

yes, but I am really just talking about the Block Response page. It doesn't happen if the traffic is HTTPS.

Hi Kenny,

ankojha — Wed, 06 Jan 2016 11:22:44 GMT

Hi Kenny,

Could you check under access control policy -> HTTP response tab

if response message is set to none /system provided ?

Thanks,

Ankita

yes, http works fine and

kenny.cacka — Wed, 06 Jan 2016 15:00:54 GMT

yes, http works fine and shows a proper block page. Just when going to https sites does the block page not show. It is my understanding that this is normal behavior, I am just looking for a work around.

Hi Kenny,

ankojha — Mon, 18 Jan 2016 17:04:52 GMT

Hi Kenny,

The workaround would be to use ssl inspection policy so that this traffic can be decrypted and you can get the custom block page. This feature is available in version 6.0.

Thanks,

Ankita

Hi

Thomas Winther — Fri, 22 Jan 2016 21:34:19 GMT

Did anyone succeed in showing a response page for ssl, when enabling inspection?

Please say yes 🙂

//Thomas

nope, I was told that I would

kenny.cacka — Fri, 22 Jan 2016 23:44:11 GMT

nope, I was told that I would need a SSL appliance in front of the ASA so the info was decrypted before it got to me. Also, SSL decryption on the ASA takes a 80% hit right off the bat so it's not even worth turning on.