A block page is what your users see when they attempt to visit a domain that is not allowed by the policy you have assigned to their network or Roaming Client. DNSFilter allows you to customize the appearance, behavior, bypass passwords, and notifications related to a block page.
There are two types of block pages:
- A hosted block page will halt the user and present organizational information, as well as options to enter a bypass password or notify the administrator.
- An external block page will immediately send a 302 redirect to the user to a location you set. This may be a local-only resource (http://office.local/block.html) or a public resource (http://validdomain.com/block.html).
Below is a video demonstration of creating a block page:
Block Page Appearance
DNSFilter allows you to customize the block page in a variety of ways. Only hosted block pages can be customized because an external block page is actually a redirect to a custom web location.
A hosted block page can be created by navigating to the Policies > “Block Pages” category on the dashboard and selecting “Hosted Block Page” as shown below.
Several fields are available to edit:
- Block Page Name - The internal friendly name that is used by you to assign the policy to your networks.
- Organization Name - This is the name of your organization that will be displayed as the party responsible for blocking access to the domain.
- Notice E-mail - This is the e-mail address that will receive complaints/requests from end users for unblocking or reviewing the domain in question via an embedded form. (Leaving this field blank disables the ability to send a message).
- Custom Logo - This allows you to display a logo on the block pages. (Leave blank to show no logo).
Testing Block Page
You can test your custom block page by either using our test domains located at the following link - Test Domains or by attempting to browse to either a blocked category or domain you have added to your block list.
Block Page FAQs
Yes. Hosted Block Pages can display in one of several languages, depending on the browser language of the end user device. The languages we currently support are English, Spanish, Portuguese, Turkish, Ukrainian, Italian, Russian, French, Czech, German, and Hebrew.
Yes. We support a 302 redirect to another webpage for a completely custom appearance.
Block Page Bypass
- Once a Bypass Password is used, it bypasses all blocked categories, domains, and security categories for the duration of the browser session. There is no granularity about what is or isn’t allowed or how long it’s allowed.
- Some websites do not work with Bypass Passwords, such as:
This feature allows an administrator to specify a password that can be used to bypass Filtering Policies when users encounter a blocked website. The password is used on a per-policy basis, not on a per-website basis, so keep this in mind when developing your policies. It is also not time-limited, so the password will always be valid for that policy unless changed.
To set a proxy bypass password, first, edit/create a Block Page in the Policies Menu. Ensure that you have the “Hosted Block Page” selected as the block page type:
You may then navigate to the Bypass Password tab, turn on the feature, and enter a password:
To make sure this feature works with websites over HTTPS, please consider installing our SSL Certificate.
Assigning a Block Page
Once you have customized your block page type and appearance, you can assign it to the appropriate site(s). To do this, navigate to the Deployments > "Sites" section of the dashboard. Click the row matching your desired site under the "Assigned Block Page" column. A dropdown will appear for you to select the name of your block page. A confirmation dialog will appear that your network has been updated.
Responding to a Block Page Notification
If you have entered a Notice E-mail on a hosted block page, you will receive email notifications from users when they request that you take action to unblock a page. There are a few steps to take upon receiving these emails:
- Compare the user’s requested site against your filtering policy. Visit the site to see if the content is in violation of the policy.
- You can choose to whitelist the site if it seems as though the categorization is correct, but for business reasons, you still need to allow access for your network.
- If it appears as though the categorization is incorrect, you can use the Domain Lookup tool in the upper-right of our app and submit a miscategorization request. We typically process these within 1-2 days. You can choose to whitelist the domain prior to our recategorization so that your users have immediate access.
Troubleshooting Block Page form submissions
When opening the form to submit a dispute against a specific domain, you may see the following error "Failed to send message, please try again"
The most common reason this happens is that you may be attempting to do this from blocked.dnsfilter.com, as highlighted in the image above. Or you may have previewed the Block page and attempted to submit the form. This is expected behaviour as the form submission feature only works after visiting a specific domain. This feature is not designed to submit successfully from preview mode or blocked.dnsfilter.com. Once you visit the correct domain, the form should send correctly.
If the "Failed to send message, please try again" error appears from a specified domain, we would recommend the following details below as additional occurrences that can trigger this error:
- Confirm if the email address you have set up for your block page notification is a forwarding email address. It's possible that your email account is configured to redirect inbound messages to another email address automatically.
- You may have waited too long -- if you’re on this page for an extended period of time, then the block will no longer be in our ‘hot cache’
- This could also happen if you have some artificial caching on your end. For example, if you have additional caching between you and DNSFilter, where you’re increasing the TTL. So, in other words, you are still hitting the block page, but we never saw the DNS request that took you there.
- You may have misconfigured your networks. The way DNSFilter is to be configured is a single ‘site’ per physical location, and each site can accept multiple IPs for primary, secondary, etc., network providers at that location. If you instead configure each provider as a different ‘site', it can lead to problems like this.
- You may be artificially sending users to our block page without our DNS resolution: /etc/hosts, or your own DNS resolving layer.
- Both DNS IP and web IP must be present on the site deployment. You can find the IP address at the bottom of the Block page.
Article is closed for comments.