Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Customize Block Pages with Web Policy Code

You can modify the block pages in the Secure Web Gateway Web Policy Builder using the Policy Code View. 

IMPORTANT: Improperly modifying this code can severely damage the web policy functions. Be sure to understand the code before you change it or add anything to it.

Secure Web Gateway sends a block page to a user's browser when that user requests to access a website that is blocked by a rule of your web policy. It includes:

  • Logo of your organization
  • Name of your organization
  • Block page footer
  • Block message
  • Block reason
  • URL of the blocked website
  • IP address of the user

Using a template in the Web Policy Builder, you can insert the logo and name of your organization in the block page, as well as the text of the block page footer.

But to add your own message for the block message and reason, you must use the Policy Code View. 

  1. In Secure Web Gateway, go to Policy > Web Policy > Policy.

  2. From the Web Policy Tree, select a rule set with rules that block user requests for web access. For example, select Global Block > Global Block Lists.

    Use this rule set to globally block web access. It is processed at the beginning of a filtering cycle. After it blocks access to a website, the cycle finishes.

    This means you can ensure that access to the website is blocked, regardless of what any following rule would have done about it. 

  3. Click Add Custom Rules, then select Via Policy Code.

  4. Scroll down the code of the Global_Block_Lists routine that appears until you see the code lines for the rule that blocks access to domains depending on their URLs.

    The rule begins in or around line 23 with a comment that gives it a name.

// Global Blocked URLs
IF blockByURL AND MWG.Url.SmartMatch (urlBlockList) THEN {
        MWG.Block (McAfee_Blocked_by_URL_filtering, "Global Blocked URLs", "Global Block
           by URL")
}

       The rule uses the MWG.Block procedure to block access to a domain if the conditions in the IF clause are met.

       The procedure then displays a block page to the user.

       There are two conditions:

  • The rule is enabled. It is enabled here because the value of the blockByURL variable is TRUE. If this is the value, only the variable name is shown in the code while the value is itself omitted.
     
  • The domain name matches with one of the entries in a block list. To find out whether this is so, the MWG.URL.SmartMatch function is run with the urlBlockList as its parameter.

               The MWG.Block procedure has three parameters:

  • McAfee_Blocked_by_URL_Filtering — Settings for the procedure

      These settings specify that a block page with standard text for the block message and reason is
      displayed to the user.

  • Global Blocked  URLs — Name of the rule that triggered the blocking

  •  Global Block by URL — Block reason 

                          The block reason parameter is shown here using internal wording, which can differ from the
                          wording on the block page.

      When the blocking procedure runs with the McAfee_Blocked_by_URL_Filtering settings, the information
      about the block page looks, for example, like this:

       The content you requested is blocked by your organization's security policy.
      Reason: URL is blocked.
      URL: https://www.intertravel.com
      User IP: 142.129.143.123

    5. Modify the code by replacing the standard wording for the block message and reason.

        a. Replace the McAfee_Blocked_by_URL_Filtering of the MWG.Block procedure with
            the McAfee_Custom_Block_Page setting.

            The new setting allows you to set string variables for the wording of the block message and reason.

        b. Insert string variables for the block message and reason before the code line with the MWG.Block procedure.

            Use your own wording to set these variables.

STRING custom block page message = "This website sent content that is blocked under
    our corporate security policy."
STRING custom block page reason = "URL found on block list"

      You can also show a domain name in the block message.

      Use the MWG.Domain function for this, with the mwg.url function as its parameter, and concatenate it with
      the string variable.

STRING custom block page message = MWG.Domain(mwg.url) + " sent content that is
    blocked under our corporate security policy."
STRING custom block page reason = "URL found on block list"

      The code lines shown in step 3 should now look as follows:

// Global Blocked URLs
IF blockByURL AND MWG.Url.SmartMatch (urlBlockList) THEN {
    string customblock page message = MWG.Domain(mwg.url) + " sent content that has
        been blocked under our corporate security policy."
    string customblock page reason = "URL found on block list"
    MWG.Block (McAfee_Custom_Block_Page, "Global Blocked URLs", "Global Block
        by URL")
}

     The information about the block page then looks like this:

      intertravel.com sent content that is blocked by your organization's security policy.
     Reason: URL found on block list
     URL: https://www.intertravel.com
     User IP: 142.129.143.123

  6. Publish your changes and wait until they take effect.

The block page that informs a user about why access to a website is blocked now uses your own wording for the block message and reason.

  • Was this article helpful?