Focus

Advanced URL Filtering

Customize the URL Filtering Response Pages

Table of Contents

Customize the URL Filtering Response Pages

Learn how to customize the URL Filtering response pages that display when users access sites in URL categories with block, continue, or override policy actions.

Where can I use this?	What do I need?
Prisma Access PAN-OS	Advanced URL Filtering license (or a legacy URL filtering license) Notes: Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported. Prisma Access licenses usually include Advanced URL Filtering capabilities.

By default, the URL filtering response pages explain why a requested URL can't be accessed and show the user's IP address, the requested URL, and the URL category. You can customize the response pages to meet the needs of your enterprise. For example, you can change the message displayed to users, add corporate branding, or link to an acceptable use policy.

To customize a response page, export it from a platform and modify it in a text editor. You can make updates using the provided response page variables and references. Response page variables correspond to the specific user, URL, and category that was blocked. Response page references enable the use of images, sounds, style sheets, and links.

Custom response pages larger than the maximum supported size are not decrypted or displayed to users. In PAN-OS 8.1.2 and earlier PAN-OS 8.1 releases, custom response pages on a decrypted site can't exceed 8,191 bytes; the maximum size is 17,999 bytes in PAN-OS 8.1.3 and later releases.

Prisma Access

PAN-OS

Prisma Access

Customize the predefined URL Access Management response pages.

If you’re using Panorama to manage Prisma Access:

Toggle over to the PAN-OS
tab and follow the guidance there.

If you’re using Prisma Access Cloud Management, continue here.

Export the default response pages you want to customize.

Select

Manage

Configuration

NGFW and Prisma Access

Security Services

URL Access Management

Settings

In the Response Pages pane, click

Export HTML Template

for each response page you want to edit.

Save the files to your system.

Edit an exported response page.

Using the HTML text editor of your choice, edit the page:

To display custom information about the specific user, URL, or category that was blocked, add one or more response page variables.

To include custom images, sounds, style sheets, or links, include one or more response page references.

Save the edited page with a new filename.

Make sure that the page retains its UTF-8 encoding. For example, in Notepad you'd select

UTF-8

from the

Encoding

drop-down in the Save As dialog.

Import the customized response page.

Select

Manage

Configuration

NGFW and Prisma Access

Security Services

URL Access Management

Settings

In the Response Pages pane, click the type of response page you customized. A file selection dialog appears.

For example, if you customized the URL Access Management Block Page, you'd click

URL Access Management Block Page

Click

Choose File

, and then select the file you customized.

Click

Save

Click

Push Config

Verify that the customized response page displays.

From a web browser, visit a URL that will trigger the response page. For example, to verify a customized URL Access Management Block Page, visit a URL blocked by your Security policy rules.

The firewall uses the following ports to display the URL Access Management response pages:

HTTP
—6080

Default TLS with firewall certificate
—6081

Custom SSL/TLS profile
—6082

PAN-OS

Export the default response pages you want to customize.

Select

Device

Response Pages

Click the

Type

of response page you want to edit. A dialog for the response page appears.

Select

Predefined

, and then click

Export

the dialog, and then repeat steps two and three, if necessary.

Save the files to your system.

Edit an exported page.

Using the HTML text editor of your choice, edit the page:

To display custom information about the specific user, URL, or category that was blocked, add one or more response page variables.

To include custom images, sounds, style sheets, or links, include one or more response page references.

Save the edited page with a new filename.

Make sure that the page retains its UTF-8 encoding. For example, in Notepad you would select

UTF-8

from the

Encoding

drop-down in the Save As dialog.

Import the customized response page.

Select

Device

Response Pages

Click the

Type

of response page you customized. A dialog for the specific response page appears.

Select

Predefined

, and then click

Import

. A file selection dialog appears. For

Import File

Browse

for the file you customized or enter the file path.

(Optional) For

Destination

, select the virtual system that will use the response page, or select

shared

to make it available to all virtual systems.

Click

, and then

the dialog.

Save the customized response page.

Commit

your changes.

Verify that the customized response page displays.

From a web browser, visit a URL that will trigger the response page. For example, to verify a customized URL Filtering and Category Match response page, visit a URL blocked by your Security policy rules.

The firewall uses the following ports to display the URL filtering response pages:

HTTP
—6080

Default TLS with firewall certificate
—6081

Custom SSL/TLS profile
—6082

URL Filtering Response Page Objects

Safe Search Enforcement