-
Thank you jcoehoorn and gravenscroft, I've set the blocking page to https and no it works... -
Nope. HSTS has been part of most browsers for years now. It's important to note that this is not being caused by your NG Firewall itself; it's the browser reacting to the injection of the block page. While it may seem irritating, it's actually desired behavior: you want your browser to tell you if your connection has been hijacked somehow.Originally posted by balombi View Post
You should definitely install the root CA to any devices affected by this. This article covers the process for Windows machines and links to articles for other OSes. We can't guarantee this will stop HSTS from triggering, but it's the only thing you really can do from the NGFW's perspective.Leave a comment:
-
This should only impact you if your block page is not served via https.Leave a comment:
-
SNI Inspection - Show blocking page
Hi all,
I have configured the web filter on my Untangle to process SNI information from HTTPS websites.
In the Arista help article (https://wiki.edge.arista.com/index.php/HTTPS) it says that the blocking page cannot be displayed if the Untangle's Root CA is not installed on the client.
I have the root CA installed on a client and still get a certificate warning when calling a blocked HTTPS page, which can't even be bypassed.
There is talk about "[website] uses a security technology called "HTTP Strict Transport Security (HSTS)", which allows Firefox to connect to the website only through secured connections. Therefore, no exception can be added for the website".
Is this a new security feature that allows that the blocking page can not be called despite the installed Untangle Root CA's ?
Can I somehow make the blocking page reappear at least with the Root CA installed ?
Many thanks for suggestions and tips.
balombi
Leave a comment: