topic Access Control Policy - Block Response Page in Network Security

Access Control Policy - Block Response Page

Michael Beck — Tue, 26 Mar 2019 01:15:36 GMT

Prior to implementing blocking (FirePower ASA currently set in passive mode), I need to provide a custom block page. Ideally this would include a company logo and some text indicating why the page was blocked. The documentation is somewhat light on the how of doing this (Firesight System User Guide Version 5-3-1) Chapter "Managing Access Control Policies".

Questions:

- How to include a logo file (if possible).

- Is there a URL on the Firesight Appliance (or elsewhere) to test the Block Response Page or Interactive Block Response Page?

---------------------------------

SourceFire Virtual Defence Center (64bit) version 5.3.1

ASA 5525X's running Firepower 5.3.1

There is nothing in the

adhogan — Fri, 09 Jan 2015 19:29:20 GMT

There is nothing in the Defense Center to test the response. I would just add an access control rule like (src ip: my IP, application:cnn.com) so you can test it from your workstation.

The HTTP Response page is just HTML. There's no GUI or way to upload an image but you really don't need that.

If you're just blocking (not interactive block) you can always just use an HTML redirect to send somebody to an existing page. If your legal team already has a page with all this language you can just redirect there.

Otherwise just enter the HTML code yourself.

Edit your Access Control Policy.
Click the HTTP Responses page.
From the drop-down for Block Response Page or Interactive Block Response Page select Custom.
Enter your HTML

If you want to include your logo all you need is a line like:

Just head over to your company's home page and copy the URL of a logo there to use in code like this.

Or include text like this:

<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong></p><br/><br/>
<p>Not judging or anything. Maybe just not at work, okay? Consult your system administrator for details.</p>

hi is it possible to include

Guillaume BARBEROT — Fri, 20 Mar 2015 11:06:24 GMT

is it possible to include some info on the block reason to end user in this block page template

like blocked because of category XXX, bad reputation, ...

thanks

No, there isn't, sorry.

adhogan — Fri, 20 Mar 2015 16:17:08 GMT

No, there isn't, sorry.

Has there been any updates

James Tavares — Fri, 02 Oct 2015 14:17:52 GMT

Has there been any updates that would allow this now? I'm in the same scenario where we would like the client to see why they are getting blocked. And which category was causing the block so we can easily identify what, as admins, need to tweak.

Thanks,

You can't make it display in

Marvin Rhoads — Sun, 04 Oct 2015 18:12:53 GMT

You can't make it display in the page shown to the end user.

However, if you look in your FireSIGHT Management Center under Analysis, Connection Events; the URL Category for all connections is displayed there.

A simple search (i.e., Action = Blocked and Initiator User = username of end user with the issue) would quickly show the problematic URL and category

I am also in the group that

Nick_A — Tue, 02 Feb 2016 18:34:52 GMT

I am also in the group that would love this feature. Our last web filter had it, and users are starting to get annoyed by not knowing why some things are blocked, creating more helpdesk tickets etc.

It should be a variable that can be inserted into the custom HTML code in the HTTP response page.

Add me to the group that

Tim Glen — Wed, 25 May 2016 18:35:55 GMT

Add me to the group that would like this feature.

Perhaps until the feature is

evan.chadwick1 — Sun, 29 May 2016 21:40:17 GMT

Perhaps until the feature is added you could include the brightcloud url in the response, so the user can perform their own url test to see what category they triggered.

Hi Team,

ymadheka — Thu, 23 Jun 2016 11:42:51 GMT

Hi Team,

We need this feature to ensure that the firewall administrator doesn't always need to check in the logs available in Firesight. Also in case of user in remote locations with access to business websites that will not be that tech savy the categories information will be definitely useful.

Is it a part of roadmap to provide the feature?

Hello Team,

Jetsy Mathew — Thu, 23 Jun 2016 14:49:20 GMT

Hello Team,

If you need to add this as a feature, please contact your accounts team to open a new enhancement request to add in the upcoming versions. Accounts team can open a enhancement request and work with Sourcefire Dev team to get this done.

Rate if this post helps you.

Regards

Jetsy

Not specific reason, just a

Ed Padilla Jr — Fri, 15 Jul 2016 20:06:31 GMT

Not specific reason, just a generic response, and who to contact if the user needs resolution.

+1 more for me to that group.

Pacerfan9_2 — Mon, 29 Aug 2016 19:22:21 GMT

+1 more for me to that group.

Just want to add this feature

Ivan Rezvantsev — Tue, 20 Sep 2016 08:49:53 GMT

Just want to add this feature in future releases.

Also want the same feature for HTTPS.

add me to this feature for me

mishaal-thabet — Wed, 21 Sep 2016 19:59:00 GMT

add me to this feature for me i i like.

ohhh, so HTTPS doesnt display

JRDIAZ758 — Sun, 01 Jan 2017 23:04:01 GMT

ohhh, so HTTPS doesnt display that interactive block??! that sucks, i thought i had something misconfigured. that needs to be added most pages nowdays are https..

We have October 2018 and nothing to https block pages added?

Oliverrietbrock — Sun, 21 Oct 2018 19:01:22 GMT

Hello Team,

It's funny as I'm working with this FP Threat Defence in multiple different scenarios (FTD & ASA+FP) the customer wiches everything easy wich is told to work-at-a-glance shiny and CISCO.

The block-page on categorized URL like facebook or guns is not showing up. In the Cisco documentation stands under limitations just everything else but a solution for now a day web traffic.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01011100.pdf

Best sentence ever:

"HTTP response pages do not always appear when the system blocks web traffic."

Neither the file block reasons were showing up!?!? I know it's not a WSA but seriously?

I'm the idiot working for the Cisco Partner not only selling but building the solution on the customer side.

I can explain why some features are not supported on ASA with FP (File based QoS) but the usual are also not supported????

I'm sorry for my anger but at some point.....

You try your best @Aliki

Cheers

Re: We have October 2018 and nothing to https block pages added?

Tim Glen — Fri, 30 Nov 2018 03:36:05 GMT

> "HTTP response pages do not always appear when the system blocks web traffic."

That's funny.