Focus

Customize the URL Filtering Response Pages

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

URL Filtering Response Pages

HTTP Header Logging

Customize the URL Filtering Response Pages

You can customize the page that displays when a block event occurs with corporate branding, acceptable use policies, and other custom content.

The firewall provides predefined URL filtering response pages that display by default when a user:

A user attempts to browse to a site in a category with restricted access.
A user submits valid corporate credentials to a site for which credential detection is enabled (Prevent Credential Phishing based on URL category).
Log Only the Page a User Visits blocks a search attempt.

However, you can create your own custom response pages with your corporate branding, acceptable use policies, and links to your internal resources.

Custom response pages larger than the maximum supported size are not decrypted or displayed to users. In PAN-OS 8.1.2 and earlier PAN-OS 8.1 releases, custom response pages on a decrypted site cannot exceed 8,191 bytes; the maximum size is increased to 17,999 bytes in PAN-OS 8.1.3 and later releases.

Export the default response page(s).
1. Select DeviceResponse Pages.
2. Select the link for the URL filtering response page you want to modify.
3. Click the response page (predefined or shared) and then click the Export link and save the file to your desktop.
Edit the exported page.
1. Using the HTML text editor of your choice, edit the page:
  - If you want the response page to display custom information about the specific user, URL, or category that was blocked, add one or more of the supported URL filtering response page variables.
  - If you want to include custom images (such as your corporate logo), a sound, or style sheet, or link to another URL, for example to a document detailing your acceptable web use policy, include one or more of the supported response page references.
2. Save the edited page with a new filename. Make sure that the page retains its UTF-8 encoding. For example, in Notepad you would select UTF-8 from the Encoding drop-down in the Save As dialog.
Import the customized response page.
1. Select DeviceResponse Pages.
2. Select the link that corresponds to the URL filtering response page you edited.
3. Click Import and then enter the path and filename in the Import File field or Browse to locate the file.
4. (Optional) Select the virtual system on which this login page will be used from the Destination drop-down or select shared to make it available to all virtual systems.
5. Click OK to import the file.
Save the new response page(s).
Commit the changes.
Verify that the new response page displays.
From a browser, go to the URL that will trigger the response page. For example, to see a modified URL Filtering and Category Match response page, browse the site that your URL filtering policy is set to block.
The firewall uses the following ports to display the URL filtering response pages:
- HTTP—6080
- Default TLS with firewall certificate—6081
- Custom SSL/TLS profile—6082

URL Filtering Response Pages

HTTP Header Logging

Next-Generation Firewall Docs

Customize the URL Filtering Response Pages

Next-Generation Firewall Docs

Customize the URL Filtering Response Pages

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner