Web Security: Show Block Page for HTTPS Sites
actually if an HTTPS web site is blocked due to proxy settings (ie. you want to block https://www.facebook.com) the user does not shows the classic "Blocked content page" by Astaro, but he sees a generic browser error. It seems that it happens because of a security modification applied by all browser producers (IE, firefox, opera, ecc). Astaro should conform to these new changes, otherwise all users could think that the website they want to see is not reachable cause of techical issues (generated by their network admin or by remote web site admins).
I think this request is very important and urgent.
Here more details:
When ssl scanning is disabled and a https website is blocked the users get no information about the reason in the moment. .
Some News: I upgraded to v8, there are some differences with this issue respect to v7
- When HTTPS scan is ON, and I surf to a forbidden web site (ie https://imo.im with chat category forbidden), I cannot surf (ok) but no "Content Blocked Page" is shown. Instead of this page, the browser get an error (behaviour I don't like).
- When HTTPS scan is OFF, and I surf to a forbidden web site, I can surf (because in v7 content filter was not applied to a https site if https scan was off).
Now with v8
- When HTTPS scan is ON, and I surf to a forbidden web site, "Content Blocked Page" is shown: FANTASTIC, it is what I asked for!! :)
- When HTTPS scan is OFF, and I surf to a forbidden web site, I cannot surf (ok) but no "Content Blocked Page" is shown: I get the browser error I saw in v7 when https scan was OFF.
In other words, the problem has been solved when https scan is ON, but now happens when https scan is OFF :(
Already done, they said it's an issue of browsers (but in all browsers I see this issue, ie, firefox, opera, ecc.)
I see what I expect to see: the content block page.
Perhaps we are still talking about different things but
this is not a chat platform, so contact Astaro Support or the Presales team (presales-DACH@astaro.com) or Astaro User Bulletin Board.
The descripted behaviour is confirmed by support, so I don't know how is possibile that you have no issue.
Do you run in transparent proxy or standard proxy?
In the second case, if you try to block https://www.facebook.com and you try to surf in it what do you see?
Well it works for me at least in IE 8 and FF 3.5 using ASG v8.100 but I am pretty sure it also worked in V8.0 and 7.5.
Hi Elrmar. Unfortunately it is not a certificate issue (I think I shold change the text of my request because I bet that 90% of users didn't understand correctly what I mean).
What happens is this: if you try to surf in a web site that should be blocked by asg, and you run in non-transparent mode, and this site is https, you get no Blocked content page, but an error that can vary from browser to browser. For example in firefox you get "Connection refused by proxy". So the users think that there is a problem in your network or in the web site that he wants to see. My clients are able to surf in https sites fine, so it is not a certificate issue.
It works if you enable https scanning and trust the https proxy ca certificate in the browser.