About HTTP Response Pages
As part of access control, you can configure an HTTP response page to display when the system blocks web requests, using either access control rules or the access control policy default action.
You can choose a generic system-provided response page, or you can enter custom HTML. The response page displayed depends on how you block the session:
Block or Block with reset—A blocked session times out or resets. The Block Response Page overrides the default browser or server page that explains that the connection was denied.
Interactive Block or Interactive Block with reset—The system can display an Interactive Block Response Page to warn users, but also allow them to click a button (or refresh the page) to load the originally requested site. Users may have to refresh after bypassing the response page to load page elements that did not load.
HTTP response pages do not always appear when the system blocks web traffic; see Limitations to HTTP Response Pages.
Limitations to HTTP Response Pages
HTTP response pages do not always appear when the system blocks web traffic.
Configurations Other Than Access Control Rules
The system displays a response page only for unencrypted or decrypted connections blocked (or interactively blocked) either by access control rules or by the access control policy default action. The system does not display a response page for:
Connections blacklisted by Security Intelligence
Encrypted connections blocked by an SSL policy
Promoted Access Control Rules
The system does not display a response page when web traffic is blocked as a result of a promoted access control rule (an early-placed blocking rule with only simple network conditions).
Before URL Identification
The system does not display a response page when web traffic is blocked before the system identifies the requested URL; see Guidelines and Limitations for URL Filtering.
The system does not display a response page if the session is or was encrypted.