SSL Block Page work around

kenny.cacka
Level 1

I know that sourcefire can't natively throw up a block page on SSL encrypted pages, but does anyone know of a work around?

10 Replies

Philip D'Ath
VIP Alumni

Are you saying you want to block all HTTPS traffic? If so, just tell the ASA to do this.

ankojha
Level 3

Hi,

If you are running the latest version, 6.0, the SSL decryption feature has been added, so you can enable it and set the action to interactive block for your requirement.

Rate if it helps.

Thanks,

Ankita

The only catch with using this feature is you have to be able to put a trusted CA certificate on every machine and device that sits behind SourceFire to make it work.  This can be quite prohibitive sometimes.

Yes, but I am really just talking about the Block Response page. It doesn't happen if the traffic is HTTPS.

Hi Kenny,

Could you check under Access Control Policy -> HTTP Responses tab whether the response message is set to None or System-provided?

Thanks,

Ankita

Yes, HTTP works fine and shows a proper block page. It is only when going to HTTPS sites that the block page does not show. It is my understanding that this is normal behavior; I am just looking for a workaround.

Hi Kenny,

The workaround would be to use an SSL inspection policy so that this traffic can be decrypted and you can get the custom block page. This feature is available in version 6.0.

Thanks,

Ankita

Hi

Did anyone succeed in showing a response page for SSL when enabling inspection?

Please say yes :-)

//Thomas

Nope, I was told that I would need an SSL appliance in front of the ASA so the info was decrypted before it got to me. Also, SSL decryption on the ASA takes an 80% hit right off the bat, so it's not even worth turning on.

kenny.cacka
Level 1

Sorry guys, I should have been more clear. I know that you can block SSL pages; however, when a page gets blocked, it does not put up a response page saying something like "This page is unauthorized, please contact your administrator." As you know, you get a page like that when it is just regular HTTP traffic. I hope this makes sense.