Customize error pages

Error pages appear when a user violates ETP policy. For example, when a user attempts to access content that is blocked by the AUP or attempts to access a blocked domain or IP address. An error page warns users that website access is prohibited and a violation occurred.

ūüďė

The first time a policy is deployed with a Block action and an Error Page response, it may take up to 30 minutes for the error page to appear to the user.

ETP includes error pages that you can customize the appearance of or you can select to show error pages that are hosted by your organization.

For a complete list of settings that you can modify in ETP error pages, see Error page customization. To use a hosted error page instead of ETP error pages, see Use a hosted error page.

Error pages appear in the language that is associated with the end-user's browser. These pages are translated by the browser.

ūüďė

If you deployed ETP Client, a custom or hosted error page does not appear to end users who make requests from unidentified IP locations. Instead, the users see the Website Access Prohibited message without any customization.

If you choose to use ETP error pages, these error pages are available:

  • Website Access Prohibited
  • Threat Website Warning
  • Acceptable User Policy Violation
  • Error Warning
  • User Authentication Error

Website Access Prohibited

IMAGE_STUBIMAGE_STUB

This page warns that the website has been blocked based on the organization’s policy. The error page also indicates what URL was blocked.

This error page appears in these situations:

  • When a user from an Unidentified IPs location attempts to access a domain that may be a security risk. These users are typically remote users who access content from IP addresses that are not already configured as locations in ETP.

  • When ETP proxy is disabled and malicious HTTP or HTTPS traffic is directed to Enterprise Security Connector version 2.5.0.

Threat Website Warning

IMAGE_STUBIMAGE_STUB

This message appears when a user attempts to access a domain that is a known or suspected threat. If the proxy is enabled, these error pages also appear for malicious HTTP or HTTPS traffic. The message is specific to the threat type. For example, any one of these warnings may appear on this page:

  • Phishing Website Warning. Appears when a user attempts to access a domain that is known or suspected to perform phishing attacks.

  • Malware Website Warning. Appears when a user attempts to access a domain that is known to host malware.

  • C&C Website Warning. Appears when a user attempts to access a domain that is known to perform C&C communications.

Regardless of threat type, the error page also shows what URL was blocked.

Acceptable User Policy (AUP) or Application Visibility and Control (AVC) Violation

IMAGE_STUBIMAGE_STUB

This message appears when a user violates the AUP or AVC settings in a policy. The message indicates which AUP or AVC category was violated. It also shows what URL was blocked.

If a file is blocked as a result of a DLP configuration, this message appears:

IMAGE_STUBIMAGE_STUB

Error Warning

IMAGE_STUBIMAGE_STUB

An error message similar to this one appears when ETP or ETP Proxy cannot connect to the requested website. This may occur in any of these situations:

  • Connectivity issue to the origin website.

  • TLS certificate issue. This includes cases where ETP Proxy cannot validate an origin certificate. If an ETP administrator chooses to block origin certificates that cannot be verified, this error page appears to the user.

  • Unknown user or group attempting to access a website.

The blocked URL is shown in the error page.

Depending on the situation, the error message may differ. For example, this error message appears when there is an issue with the TLS certificate:

IMAGE_STUBIMAGE_STUB

The blocked URL is shown on the error page.

User Authentication Error

If authentication is enabled and configured in an acceptable use policy, this error message appears when a user enters invalid credentials to access a website.

IMAGE_STUBIMAGE_STUB

The blocked URL is shown on the error page.

Error page customization

If you choose to use ETP error pages instead of an error that is hosted by your organization, you can modify these areas of the ETP error pages:

  • Logo. Area at the top-left of the page that is reserved for the logo image. You can upload an image in JPEG or PNG format.

  • Title. Title header of the page that indicates website access is prohibited. You can select the background color and the color of the text. You can also modify the font, font size, and style of the text.

  • Message Area. Area of the page that is reserved for:

    • The reason or cause of the error

    • The category associated with the error

    • A message and explanation

    • IT help desk contact information such as the email, phone, and the ticket URL

    In this area of the page, you can:

    • Modify the color, font, font size, and font style of the text.

    • Select a background color for the message.

    • Enter the IT email address, phone number, and ticket URL.

    • Show or hide the IT email address, phone number, or ticket URL.

  • Window Background. Setting where you can select the background color of top and bottom of the page where no text is provided. You can also select whether you want to show the corner image.

Any modification you make to these areas impacts all error messages. For example, if you modify the font style of the message, the message in all of the error pages then uses the new font style.

Change the appearance of ETP error pages

If you're an ‚ÄčEnterprise Threat Protector‚Äč administrator, you can configure the appearance of ETP error pages. An error page appears when a user attempts to go to a website that violates access control settings or is a known or suspected malware, phishing, or C&C communication security threat. Error pages appear for known or suspected domains that are configured in the policy with a Block action and the Error Page response. For details, see Error page customization.

Any modification that you make to an element or item of an error page is applied to all ETP error pages. For example, if you select a specific font for the message that is provided in an error page, all error pages use that font for the message.

To change the appearance of error pages:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Error Pages.

  2. To upload a logo, click the Upload File and locate the image that you want to upload.

  3. To modify the Title heading:

    1. Navigate to the Title area.

    2. For the background color, click the color swatch and select the color that you want from the provided palette.

    3. To format the heading text, click the link that shows font style and formatting currently applied to the title, and in the toolbar that appears, select a new font, font size, or font format.

  4. To modify the background color of the message area:

    1. In the Message Area, go to the swatch that is associated with the background color.

    2. Click the color swatch and select the color that you want from the provided palette.

  5. To modify the text color and formatting associated with the Reason, Category, Explanation, or Communication parts of the message:

    1. To change the background color of the message area items, click the associated color, and select the color that you want from the provided palette.

    2. To format the text associated with an item in the message area, click the link that shows the applied font style and format, and in the formatting bar that appears, select a new font, font size, and font style as needed.

    3. Repeat step 5a and 5b for each message area item you want to modify.

  6. To show or hide communication information on the error pages:

    • To show the Mail, Phone, or Ticket information, ensure that the fields are selected.

    • To hide the Mail, Phone, or Ticket information, deselect the field.

  7. To enter communication information for your IT help desk:

    1. In the Mail field, enter an email address.

    2. In the Phone field, enter a phone number.

    3. In the Ticket field, enter the ticket URL.

  8. To modify the background color of the top or bottom of the error page:

    1. To modify the top of the page, for the gradient, click the color swatch and select a color from the provided palette.

    2. To modify the bottom of the page, for the gradient, click the color swatch and select a color from the provided palette.

  9. To show a corner image at the bottom right-hand side of the page, select Display Corner Image.

  10. To restore the default settings of the error pages, click Back to Default.

  11. Click Save.

Use a hosted error page

If your organization maintains its own error pages, you can choose to show users a hosted error page instead of ETP error pages. When you enable this feature, users are redirected to the hosted error page for all blocked websites.

To use a hosted error page:

  1. In the Threat Protection navigation menu, select Policies > Error Pages.

  2. Enable Self Hosted Error Page.

  3. In the provided field for the host, enter the URL where your organization hosts the error page.

  4. Click Save.

Parameters in an error page URL

While an error page indicates that access is denied to a website, the URL of the page also provides additional information to your users and help desk administrators. This information includes the error type, host or URI that the user attempted to access, the type of error that occurred, and more. These parameters are available in the URL of ETP error pages and in the URL of the error page that's hosted by your organization.

The parameters in the URL may look like this:

https://error.etp.akamai.com/error.html?lang=en_US&cust=<ID>&category=CONTROL&class=NO_AUTH&host=<www.example.com>&uri=&source=<IP_ADDRESS>&unauthenticated_reason=auth_declined

This error page URL includes the configuration ID, the specific threat category, domain that the user tried to access, the source IP address, and the reason why access was denied.

Depending on the error, these parameters may appear in the error page URL:

Parameter

Description

lang

Language that's displayed for the error page

category

Shows the category that was blocked. One of these values may appear for this parameter:

  • THREAT. Indicates the website was blocked based on a threat category.
  • MALWARE. Indicates the website was blocked as malware.
  • CNC. Indicates the website was blocked as a command and control communication threat.
  • PHISHING. Indicates the website was blocked as a phishing threat.
  • CONTROL. Indicates the website was blocked as a result of an access control configuration.
  • AUP. Indicates the website was blocked as a result of an acceptable use policy configuration.
  • ERROR. Indicates an error occurred.

class

Values that show additional details about the category. When a category is THREAT, the class parameter value includes three numerical values (for example, &class=1-2-3), where the middle numerical value represents the specific category ID. The category ID maps to these threat categories:

  • 1. Malware
  • 2. Phishing
  • 3. C&C
  • 4. Other
  • 5. DNS Exfiltration
  • 6. Risky domains
  • 7. File sharing AUP category

When the category is either AUP or CONTROL, the class parameter provides more details on the reason for the block. If the value is a numeric ID, this is the specific AUP or access control category ID that caused the block action. For more information on these IDs, see AUP and Access Control Category IDs.

If the category is ERROR, the error_type parameter will show the specific value.

error_type

Type of error that occurred. Possible values for this parameter include:

  • DNS. Indicates there was a DNS error, such as the inability to resolve a domain.
  • Internal. Indicates an internal error occurred that prevented resolution.
  • TLS. Indicates a TLS error occurred such as an error with the MITM certificate.
  • IDP. Indicates an error occurred with an identity provider.
  • CONFIGURATION. Indicates there was a configuration error.
  • ORIGIN_CONNECTIVITY. Indicates there was an issue connecting to the origin or destination.

code

If error_type information is provided, a code also appears with more specific information. Any one of these codes can appear:

  • 1. Indicates the error was a DNS resolution failure.
  • 6. Indicates that ciphers are not secure.
  • 7. Indicates there‚Äôs a invalid common name. The common name in the TLS certificate does not match the requested domain.
  • 8. Indicates there‚Äôs an invalid signature in the TLS certificate.
  • 9. Indicates there‚Äôs an invalid date associated with the TLS certificate. The date is before the ‚ÄúNot Valid Before‚ÄĚ date.
  • 10. Indicates there‚Äôs an invalid date associated with the TLS certificate. The certificate has likely expired.
  • 11. Indicates there‚Äôs a self-signed certificate error and as a result, the connection is not trusted.
  • 12. Indicates an untrusted certificate authority (CA) was detected and as a result, the connection cannot be established with the origin.
  • 13. Indicates the origin certificate was revoked and as a result, the connection cannot be established.
  • 14. Indicates there was a problem performing a certificate revocation check.
  • 15. Indicates that an SSL failure occurred.
  • 16. Indicates that the SSL version is not secure.
  • 17. Indicates that an SSL handshake between the browser and the origin server failed.
  • 18. Indicates that the connection method is not allowed.
  • 19. Indicates there was a failure connecting to the origin.
  • 20. Indicates an identity provider is not configured but was required.
  • 21. Indicates an origin port is not allowed by the policy.
  • 140. Indicates there was an error at the origin.
  • 141. Indicates there was an error validating the origin certificate.
  • 142. Indicates there was a TLS error at the origin.
  • 143. Indicates there was a refused connection at the origin.
  • 144. Indicates that the connection was reset at the origin.
  • 145. Indicates there was a timeout error that occurred at the origin.
  • 200. Indicates there was an invalid identity provider response.
  • 201. Indicates that the identity provider response is stale and the request should be attempted again.

unauthenticated_reason

Indicates why an authentication failure occurred. Any of these reasons may appear:

  • unsupported_onramp. Indicates that traffic was not delivered from a source that supports user authentication.
  • noip. Indicates there‚Äôs no detected IP address and as a result, traffic does not appear to be from a trusted source.
  • auth_error_resp. Indicates there was an error verifying user identity for authentication.
  • session_creation_error. Indicates there was a session creation error and as a result, user identity cannot be confirmed.
  • session_store_error. Indicates there was a session store error.
  • auth_declined. Indicates the user skipped authentication.

hashThatCausedBlock

The hash value of the file that was blocked.

host

Host that user attempted to access.

uri

URI that user attempted to access.

AUP and Access Control Category IDs

In a class parameter (for example, &class=1-2-3) of an error page URL, the middle numerical value represents the specific category ID. These numerical values map to the category ID that’s associated with AUP and access control operation categories.

For more information on AUP categories, see Acceptable use policy categories.

Numeric ID

AUP Category or Access Control Operation Category

1

Uploading

2

Downloading

3

Posting

4

Sharing

5

Editing

6

Viewing Contents

7

Chatting

8

File Transfer

9

Listening

10

Viewing Mail

11

Sending Mail

12

Sending Attachments

13

Calling

14

Searching

15

Login/Authentication

16

Alcohol/Tobacco

17

Broadcasting

18

Paying and Transferring Money

19

Inviting

20

File Sharing

22

Healthcare

23

Financing & Investing

31

Chat

33

Virtual Community

34

Forums & Message Boards

35

Blogging

37

Personals & Dating

38

Gore

39

Hate

40

Violence

46

Weapons Related

47

Lingerie

49

Nudism & Naturism

50

Hacking

51

Plagiarism

52

Criminal Skills

53

Peer to Peer

54

Anonymizers

55

Streaming Websites

56

Pornography Websites

60

Self Harm

70

Sex Education

71

Motor Vehicles

72

Real Estate

73

Business & Economy

74

Marijuana

75

Abortion

76

Kids

77

Military

78

Legal

79

Government

80

Travel

81

Entertainment & Arts

82

Local Information

83

Hunting & Fishing

84

Recreation & Hobbies

85

Music

86

Image & Video Search

87

Fashion & Beauty

88

News & Media

89

Political Advocacy

90

Cult & Occult

91

Religion

92

Training & Tools

93

Job Search

94

Translation

95

Reference & Research

96

Educational Institutes

97

Search Engines

98

Web Advertisements

99

Auctions

100

Shopping

101

Home & Garden

102

Online Greeting Cards

103

Computer & Internet Security

104

Computer & Internet Info

105

Keyloggers & Monitoring

106

Dead Sites

107

Shareware & Freeware

108

Pay to Surf

109

Internet Portals

110

Web-Based Email

111

Spyware & Adware

112

Content Delivery Networks

113

Confirmed Spam Sources

114

Spam URLs

115

Dynamic Content

116

Parked Domains

117

Web Hosting

118

DNS-over-HTTPS Providers

119

IT Services

120

Productivity and CRM Tools

121

Sales and Marketing

122

System & Development

123

Collaboration and Online Meetings

124

General Internet (News, Utilities, Misc)

125

Document Management

127

Individual Stock Advice & Tools

128

Child Abuse / Exploitation


Did this page help you?