Solved: No, there isn't, sorry.

Michael Beck · ‎01-08-2015

Prior to implementing blocking (FirePower ASA currently set in passive mode), I need to provide a custom block page. Ideally this would include a company logo and some text indicating why the page was blocked. The documentation is somewhat light on the how of doing this (Firesight System User Guide Version 5-3-1) Chapter "Managing Access Control Policies".

Questions:

- How to include a logo file (if possible).

- Is there a URL on the Firesight Appliance (or elsewhere) to test the Block Response Page or Interactive Block Response Page?

---------------------------------

SourceFire Virtual Defence Center (64bit) version 5.3.1

ASA 5525X's running Firepower 5.3.1

adhogan · ‎01-09-2015

There is nothing in the Defense Center to test the response. I would just add an access control rule like (src ip: my IP, application:cnn.com) so you can test it from your workstation.

The HTTP Response page is just HTML. There's no GUI or way to upload an image but you really don't need that.

If you're just blocking (not interactive block) you can always just use an HTML redirect to send somebody to an existing page. If your legal team already has a page with all this language you can just redirect there.

Otherwise just enter the HTML code yourself.

Edit your Access Control Policy.
Click the HTTP Responses page.
From the drop-down for Block Response Page or Interactive Block Response Page select Custom.
Enter your HTML

If you want to include your logo all you need is a line like:

Just head over to your company's home page and copy the URL of a logo there to use in code like this.

Or include text like this:

<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong></p><br/><br/>
<p>Not judging or anything. Maybe just not at work, okay? Consult your system administrator for details.</p>

View solution in original post

adhogan · ‎01-09-2015

There is nothing in the Defense Center to test the response. I would just add an access control rule like (src ip: my IP, application:cnn.com) so you can test it from your workstation.

The HTTP Response page is just HTML. There's no GUI or way to upload an image but you really don't need that.

If you're just blocking (not interactive block) you can always just use an HTML redirect to send somebody to an existing page. If your legal team already has a page with all this language you can just redirect there.

Otherwise just enter the HTML code yourself.

Edit your Access Control Policy.
Click the HTTP Responses page.
From the drop-down for Block Response Page or Interactive Block Response Page select Custom.
Enter your HTML

If you want to include your logo all you need is a line like:

Just head over to your company's home page and copy the URL of a logo there to use in code like this.

Or include text like this:

<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong></p><br/><br/>
<p>Not judging or anything. Maybe just not at work, okay? Consult your system administrator for details.</p>

Guillaume BARBEROT · ‎03-20-2015

hi

is it possible to include some info on the block reason to end user in this block page template

like blocked because of category XXX, bad reputation, ...

thanks

adhogan · ‎03-20-2015

No, there isn't, sorry.

James Tavares · ‎10-02-2015

Has there been any updates that would allow this now? I'm in the same scenario where we would like the client to see why they are getting blocked. And which category was causing the block so we can easily identify what, as admins, need to tweak.

Thanks,

Marvin Rhoads · ‎10-04-2015

You can't make it display in the page shown to the end user.

However, if you look in your FireSIGHT Management Center under Analysis, Connection Events; the URL Category for all connections is displayed there.

A simple search (i.e., Action = Blocked and Initiator User = username of end user with the issue) would quickly show the problematic URL and category

nickalleyne · ‎02-02-2016

I am also in the group that would love this feature. Our last web filter had it, and users are starting to get annoyed by not knowing why some things are blocked, creating more helpdesk tickets etc.

It should be a variable that can be inserted into the custom HTML code in the HTTP response page.

Tim Glen · ‎05-25-2016

Add me to the group that would like this feature.

evan.chadwick1 · ‎05-29-2016

Perhaps until the feature is added you could include the brightcloud url in the response, so the user can perform their own url test to see what category they triggered.

JRDIAZ758 · ‎01-01-2017

ohhh, so HTTPS doesnt display that interactive block??! that sucks, i thought i had something misconfigured. that needs to be added most pages nowdays are https..

Pacerfan9_2 · ‎08-29-2016

+1 more for me to that group.

ymadheka · ‎06-23-2016

Hi Team,

We need this feature to ensure that the firewall administrator doesn't always need to check in the logs available in Firesight. Also in case of user in remote locations with access to business websites that will not be that tech savy the categories information will be definitely useful.

Is it a part of roadmap to provide the feature?

Jetsy Mathew · ‎06-23-2016

Hello Team,

If you need to add this as a feature, please contact your accounts team to open a new enhancement request to add in the upcoming versions. Accounts team can open a enhancement request and work with Sourcefire Dev team to get this done.

Rate if this post helps you.

Regards

Jetsy

mishaal-thabet · ‎09-21-2016

add me to this feature for me i i like.

Ed Padilla Jr · ‎07-15-2016

Not specific reason, just a generic response, and who to contact if the user needs resolution.

Access Control Policy - Block Response Page