Enable Content Filter HTTPS Domain Filter Block/Warn Page

Michael_I
Michael_I Posts: 42  Freshman Member
First Comment Friend Collector Third Anniversary
edited April 2021 in Security
Hello, when i activate the Block/Warn page, our browser says, that the site isn´t secure. I cant open the Block/Warn page. What can I do?

In this example, facebook ist on the black list.

All Replies

  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited January 2021
    It seems both the browser and website support HSTS.
  • Michael_I
    Michael_I Posts: 42  Freshman Member
    First Comment Friend Collector Third Anniversary
    What can I do, to get the Block-Website for user?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @Michael_IMichael_I

    You can use this link to check if website support HSTS: https://hstspreload.org/ e.q. typing www.facebook.com and replying it is currently preload HSTS.


    You may also use this link to check if your browser(e.q. IE, Edge, Firefox, Chrome etc.) and its version support HSTS: https://caniuse.com/stricttransportsecurity



    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Michael_I
    Michael_I Posts: 42  Freshman Member
    First Comment Friend Collector Third Anniversary
    Yes, the browser supports HSTS. Sorry, still don´t know what to to...
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    edited January 2021

    Per our discussion, it’s a current browser and website limitation of HSTS for HTTPS browsing security mechanism. Such as the following example, the chrome browser appears HSTS message, it is normal behavior.

    And previously your firefox browser appeared HSTS message, too.



    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • itxnc
    itxnc Posts: 98  Ally Member
    First Comment Friend Collector Sixth Anniversary
    edited February 2021
    We've been trying to test out the custom page, but the logo image is always broken. The URL it's going to is the external IP of the router instead of the internal one. Since Port 80 is blocked external... And the color styles don't work either (because the CSS link does the same thing) 


    Do we have to create some weird NAT-Loopback virtual server for this to work right? Why not just use the internal IP instead?

    Update
    Figured it out. For security reasons - we always disable the HTTP server since we only access/admin via HTTPS. But the block page is using HTTP so you don't run into certificate issues. So you have to enable the HTTP service:


    After that? The malware page works:



    Though the Content Filter page doesn't show the logo:


    Would you believe it's because uBlock is actually blocking the image? I can't even begin to imagine why - but confirmed that the 1 blocked item the shield indicated was my WAN IP address. What is the page doing to trigger that?

    Anyway - hope this helps some of you get the custom pages going.

Security Highlight