Web Content Filter - "blocked website" message.

jorge_diaz
Comes here often

Web Content Filter - "blocked website" message.

Hi there, 

 

We deployed an MX64 to the network, we set up the web content filter feature and it's working as intended. The problem is that there seems to be no way for end-users to get a customized message stating the reason why they can't get to the site, users simply get a connection failure message. I contacted Meraki Support and they told me "Unfortunately, we do not have the feature to customize the message when a website is blocked. Kindly submit the feature request", I find it hard to believe but evidently is true. Is there a workaround to get some type of customized message? I'm sure this is something almost any business would like to implement.

 

Thanks in advance... 

2 Replies 2
NGleich
Here to help

Hi jorge-diaz,

 

I have the same "issue" at home with my MX64.

When i visit a blocked category the website request just times out.

 

As far as i know the reason behind this is that Meraki MX devices can't perform SSL decryption for HTTPS websites.

Umberlla does display a block page even for HTTPS connections because Umbrella can do SSL decryption.

 

"Without the root certificate, when your users go to that service, they will receive errors in the browser and the site will not be accessible. The browser, correctly, will believe the traffic is being intercepted (and proxied!) by a 'man in the middle', which is our service in this case. The traffic won't be decrypted and inspected; instead, the entire website won't be available."

 

This is a extract from an Umbrella article explaining the SSL decryption feature.

When you have no root certificate installed in Umbrella it behaves just like the MX devices now and the connection times out rather than you getting an block message.

 

So if my assumption regarding this topic is correct i dont really think that there is a chance for a workaround.

 

Hope that helps 🙂

 

Kind Regards

Niklas

jorge_diaz
Comes here often

Hi NGleich,

 

Thank you for your input. Sorry for the delayed acknowledgment; I didn't see the comment notification. 

 

It helps to understand the reason; I can't believe they haven't - or don't have any plans - of coming up with a solution or workaround; the traffic is hitting the FW; there's got to be a way to flag the connection as dropped and redirect it to another module to display an error message. Anyhow, not a big deal in the location where we deployed it, but I'll evaluate other solutions for future projects.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels