To serve a URL filtering response page over an HTTPS session without
enabling SSL/TLS decryption, follow these steps.
Verify that the URL category that the website belongs to has been
If the category has been blocked in a URL Filtering profile applied to a
Security policy rule or by a Security policy rule with the specific URL category
as match criteria, the value in the Action column for a given entry displays
Search for the affected website, and select the most recent log
Examine the Category and Action columns.
Are the categories assigned to the website accurate? Verify its
categories using Test A Site, Palo Alto Networks URL
category lookup tool. If you still believe the website is
categorized incorrectly, submit a change
For future reference, note the rule associated with this log
Determine if a custom response page is the cause of this issue.
Confirm that only
A custom response page is active if
listed (in addition to
) in either of
: Under the Location column corresponding to a
given response page.
: Under Location.
) Revert the
custom page to its default state to confirm that the custom response
page is the issue.
the custom page.
Visit the affected website to see if the default response page
If the problem persists, call support for further investigation.
If the above steps fail to correct the issue, contact Palo Alto Networks support.
Additional troubleshooting may be necessary to pinpoint the issue. For example,
analyzing the traffic through a packet capture (pcap) tool alongside support may be
helpful if a response page fails to function for some web pages but works for