Access Control Policy - Block Response Page

Michael Beck
Level 1

Prior to implementing blocking (FirePower ASA currently set in passive mode), I need to provide a custom block page. Ideally this would include a company logo and some text indicating why the page was blocked. The documentation is somewhat light on the how of doing this (Firesight System User Guide Version 5-3-1, Chapter "Managing Access Control Policies").

Questions:

- How to include a logo file (if possible).

- Is there a URL on the Firesight Appliance (or elsewhere) to test the Block Response Page or Interactive Block Response Page?

---------------------------------

SourceFire Virtual Defence Center (64bit)  version 5.3.1 

ASA 5525X's running Firepower 5.3.1

Accepted Solutions

adhogan
Level 1

There is nothing in the Defense Center to test the response. I would just add an access control rule like (src ip: my IP, application:cnn.com) so you can test it from your workstation. 

 

The HTTP Response page is just HTML. There's no GUI or way to upload an image but you really don't need that. 

If you're just blocking (not interactive block) you can always just use an HTML redirect to send somebody to an existing page. If your legal team already has a page with all this language you can just redirect there.

Otherwise just enter the HTML code yourself. 

  1. Edit your Access Control Policy.
  2. Click the HTTP Responses page.
  3. From the drop-down for Block Response Page or Interactive Block Response Page select Custom.
  4. Enter your HTML

If you want to include your logo all you need is a line like:

<img src="http://mycompany.com/logo.jpg">

Just head over to your company's home page and copy the URL of a logo there to use in code like this. 

Or include text like this:

<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong></p><br/><br/>
<p>Not judging or anything. Maybe just not at work, okay? Consult your system administrator for details.</p>
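
Added example (not part of the post above and not Cisco code): a small Python check to run on custom block page HTML before pasting it into the HTTP Responses editor. Because the block page is returned in place of the blocked site's response, a relative `src` or `href` resolves against the blocked site; the check flags those and plain-`http` references, and reports any meta-refresh redirect target. The sample markup, hostnames and the names `BlockPageLinter` and `lint_block_page` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs whose value the browser fetches or navigates to.
URL_ATTRS = {("img", "src"), ("script", "src"), ("link", "href"), ("a", "href")}


class BlockPageLinter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []    # (tag, attribute, url, problem)
        self.redirect = None  # target of a <meta http-equiv="refresh">, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=https://host/page"
            target = (a.get("content") or "").partition("=")[2].strip().strip("'\"")
            if target:
                self.redirect = target
                self._check(tag, "content", target)
        for name in ("src", "href"):
            if (tag, name) in URL_ATTRS and a.get(name):
                self._check(tag, name, a[name])

    def _check(self, tag, attr, url):
        parts = urlparse(url)
        if parts.scheme in ("mailto", "tel"):
            return  # contact links, nothing is fetched
        if not parts.scheme or not parts.netloc:
            # The browser resolves this against the blocked site's URL.
            self.findings.append((tag, attr, url, "relative"))
        elif parts.scheme != "https":
            self.findings.append((tag, attr, url, "not-https"))


def lint_block_page(html):
    linter = BlockPageLinter()
    linter.feed(html)
    linter.close()
    return linter.findings, linter.redirect


# Constructed sample; hostnames are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://intranet.example.com/blocked.html">
</head><body>
<img src="http://mycompany.com/logo.jpg">
<img src="/images/logo.jpg">
<a href="mailto:helpdesk@example.com">Contact the helpdesk</a>
</body></html>"""
```
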

Hi,

Is it possible to include some info on the block reason for the end user in this block page template, like blocked because of category XXX, bad reputation, ...?

Thanks

No, there isn't, sorry.

Have there been any updates that would allow this now? I'm in the same scenario where we would like the client to see why they are getting blocked, and which category was causing the block, so we can easily identify what we, as admins, need to tweak.

 

Thanks,

You can't make it display in the page shown to the end user.

However, if you look in your FireSIGHT Management Center under Analysis, Connection Events; the URL Category for all connections is displayed there.

A simple search (i.e., Action = Blocked and Initiator User = username of end user with the issue) would quickly show the problematic URL and category.

I am also in the group that would love this feature.  Our last web filter had it, and users are starting to get annoyed by not knowing why some things are blocked, creating more helpdesk tickets etc.

It should be a variable that can be inserted into the custom HTML code in the HTTP response page.

Add me to the group that would like this feature.

Perhaps until the feature is added you could include the brightcloud url in the response, so the user can perform their own url test to see what category they triggered.

ohhh, so HTTPS doesn't display that interactive block??! that sucks, i thought i had something misconfigured. that needs to be added, most pages nowadays are https..

+1 more for me to that group. 

Hi Team,

We need this feature to ensure that the firewall administrator doesn't always need to check the logs available in Firesight. Also, in the case of users in remote locations with access to business websites who will not be that tech savvy, the category information will definitely be useful.

Is it a part of roadmap to provide the feature?

Hello Team,

If you need to add this as a feature, please contact your accounts team to open a new enhancement request to add in the upcoming versions. The accounts team can open an enhancement request and work with the Sourcefire Dev team to get this done.

Rate if this post helps you.

Regards

Jetsy 

add me to this feature for me i i like.

Not specific reason, just a generic response, and who to contact if the user needs resolution.
