A block page is what your users see when they attempt to visit a domain that is not allowed by the Policy - Policy - a unified collection of content filtering categories, security categories, and whitelist/blacklist entries you have assigned to their network or roaming agent. DNSFilter allows you to customize the appearance, behavior, bypass passwords, and notifications related to a block page.
There are two types of block pages:
- A hosted block page will halt the user and present organizational information, as well as options to enter a bypass password or notify the administrator.
- An external block page will immediately send a 302 redirect to the user to a location that you set. This may be a local-only resource (http://office.local/block.html) or a public resource (http://validdomain.com/block.html).
DNSFilter allows for you to customize the block page in a variety of ways. Only hosted block pages can be customized, for the reason that an external block page is actually a redirect to a custom web location.
A hosted block page can be created by navigating to the Policies -> "Block Pages" category on the dashboard and selecting "Hosted Block Page" as shown below.
Set "Hosted Block Page"
Several fields are available to edit:
- Block Page Name - The internal friendly name that is used by you to assign the policy to your networks.
- Organization Name - The is the name of your organization that will be displayed as the party responsible for blocking access to the domain.
- Notice E-mail - This is the e-mail address which will receive complaints/requests from endusers for unblocking or reviewing the domain in question via an embedded form. (Leaving this field blank disables the ability to send a message).
- Custom Logo - This allows you to display a logo no the block pages. (Leave blank to show no logo).
Appearance of Hosted Block Page
Multi-lingual Support for Block Pages
Hosted Block Pages can display in one of several languages, depending on the browser language of the enduser device. The languages we currently support are: English, Spanish, Portuguese, Turkish, Ukrainian, Italian, Russian, French, Czech, and German.
Bypass Passwords are a legacy feature which will be replaced due to the following shortcomings:
- Once a Bypass Password is used, it bypasses all blocked categories, domains, and security categories for the duration of the browser session. There is no granularity with regards to what is or isn't allowed, or how long it's allowed.
- Some websites do not work with Bypass Passwords, such as:
- There is only one password per policy and no automatic expiration of passwords
We recommended utilizing our user agents for granular content filtering when possible.
Conflict with NAT IPs feature
Bypass passwords are based on the egress IP of the request. Therefore it is incompatible with the NAT IPs feature (which allows different policies based on forwarding to different addresses). There can only be one bypass password in effect for a given network at a given time, unless using our User Agent.
This feature allows an administrator to specify a password that can be used to bypass Filtering Policies when users encounter a blocked website. The password is used on a per-policy basis, not on a per-website basis, so keep this in mind when developing your policies. It is also not time-limited, so the password will always be valid for that policy unless it is changed.
To set a proxy bypass password, first edit/create a Block Page in the Policies Menu. Ensure that you have the "Hosted Block Page" selected as the block page type:
You may then navigate to the Bypass Password tab, turn on the feature, and enter a password:
Set Bypass Password
To make sure this feature works with websites over HTTPS, please consider installing our SSL Certificate.
Once you have customized your block page type and appearance, you are ready to assign it to the appropriate site(s). To do this, navigate to the Deployments -> "Sites" section of the dashboard. Click the row matching your desired site under the "Assigned Block Page" column. A dropdown will appear for you to select the name of your block page. A confirmation dialog will appear that your network has been updated.
If you have entered a Notice E-mail on a hosted block page, you will receive email notifications from users when they request that you take action to unblock a page. There are a few steps to take upon receiving these emails:
- Compare the user's requested site against your filtering policy. Visit the site to see if the content is in violation of the policy.
- You can choose to whitelist the site if it seems as though the categorization is correct, but for business reasons, you still need to allow access for your network.
- If it appears as though the categorization is incorrect, you can use the Domain Lookup tool in the upper-right of our app, and submit a miscategorization request. We typically process these within 1-2 days. You can choose to whitelist the domain prior to our recategorization so that your users have immediate access.