Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

How to Modify the Web Policy Code Using the Code View: Block Pages

Using the code view, you can modify the code for the block pages shown under the web policy that is implemented on Skyhigh Security Service Edge.

Improperly modifying this code can severely damage the web policy functions. Be sure to understand the code before you change it or add anything to it.

A block page is sent to a user's browser when a request for accessing a website that the user submitted is blocked under a rule of your web policy. It includes:

  • Logo of your organization
  • Name of your organization
  • Block page footer
  • Block message
  • Block reason
  • URL of the blocked website
  • User IP address

Using a template on the normal user interface, you can insert the logo and name of your organization in the block pages, as well as a text for the block page footer.

Only the code view allows you, however, to use your own wording for the block message and reason.

  1. On the user interface, navigate to a page with options for setting rules that block user requests for web access.
    For example, navigate to the page where web access is blocked globally.
    1. Select Policy > Web Policy > Policy.
    2. On the Web Policy page, expand the Global Block branch of the policy tree and select Global Block Lists.

      This page is for globally blocking web access. The rules that you set here are processed at the beginning of a processing cycle. After blocking access to a website, the cycle finishes.

      This means you can ensure that a website is blocked, regardless of what any other rule that would have followed in the cycle would have done about it.

      The page includes options for setting a rule that blocks access to domains with URLs matching the entries in a block list that you maintain. You can modify the block page that belongs to this rule using the code view.
       
  2. Switch to the code view.
  3. Scroll down the code of the Global_Block_Lists routine that appears until you see the code lines for the rule that blocks access to domains depending on their URLs. The rule begins in or around line 23 with a comment that gives it a name.
// Global Blocked URLs
IF blockByURL AND MWG.Url.SmartMatch (urlBlockList) THEN {
        MWG.Block (Blocked_by_URL_filtering, "Global Blocked URLs", "Global Block
           by URL")
}

The rule uses the MWG.Block procedure to block access to a domain if the conditions in the IF clause are met. Then the procedure displays a block page to the user.

There are two conditions:

  • The rule is enabled.
    It is enabled here because the value of the blockByURL variable is TRUE. If the value is this, only the variable name is shown in the code while the value is itself omitted.
  • The domain name matches with one of the entries in a block list.
    To find out whether this is so, the MWG.Url, SmartMatch function is run with the urlBlockList as its parameter.

The MWG.Block procedure has three parameters:

  • Blocked_by_URL_filtering — Settings for the procedure
    These settings specify that a block page with standard text for the block message and reason is displayed to the user.
  • Global Blocked URLs — Name of the rule that triggered the blocking
  • Global Block by URL — Block reason
    The block reason is shown here using an internal wording, which can differ from the wording on the block page.

When the blocking procedure runs with the Blocked_by_URL_filtering settings, the information about the block page looks, for example, like this:

The content you requested is blocked by your organization's security policy.
Reason: URL is blocked.
URL: https://www.intertravel.com
User IP: 142.129.143.123

  1. Modify the code by replacing the standard wording for the block message and reason.
    1. Replace the Blocked_by_URL_filtering setting of the MWG.Block procedure with the Custom_Block_Page setting.
      The new setting allows you to set string variables for the wording of the block message and reason.
    2. Insert string variables for the block message and reason before the code line with the MWG.Block procedure. Use your own wording to set these variables.
STRING custom block page message = "This website sent content that is blocked under
    our corporate security policy."
STRING custom block page reason = "URL found on block list"

You can also show a domain name in the block message.

Use the MWG.Domain function for this, with the mwg.url function as its parameter, and concatenate it with the string variable.

STRING custom block page message = MWG.Domain(mwg.url) + " sent content that is
    blocked under our corporate security policy."
STRING custom block page reason = "URL found on block list"

The code lines shown in step 3 should now look as follows:

// Global Blocked URLs
IF blockByURL AND MWG.Url.SmartMatch (urlBlockList) THEN {
    string customblock page message = MWG.Domain(mwg.url) + " sent content that has
        been blocked under our corporate security policy."
    string customblock page reason = "URL found on block list"
    MWG.Block (Custom_Block_Page, "Global Blocked URLs", "Global Block
        by URL")
}

The information about the block page then looks like this:

intertravel.com sent content that is blocked by your organization's security policy.
Reason: URL found on block list
URL: https://www.intertravel.com
User IP: 142.129.143.123

  1. Publish your changes and wait until they take effect.

The block page that is displayed when a user of your organization attempts to access a website with a URL that matches one of the entries in your block list, now uses your own wording for the block message and reason.

  • Was this article helpful?