KB Article | Forcepoint Support

Problem Description

Users need to be redirected to a block page hosted on a different server. Is it possible to hide the identity of the Websense machine (make it look as though the block page is coming from another machine)?

Resolution

Options are available to hide the identity of the Forcepoint server. You may:
  • Change the content displayed in the top frame of a block page
  • Modify the hosts file to make the block page appear to be coming from another machine
  • Substitute a page on another server for the entire block page
Note: You can either create new, custom block messages or block pages, or modify the default block pages. For details, see the Block Page Management page from the Forcepoint Administrator’s Help guide, or the Forcepoint Security Manager’s Help system.

It is also possible to serve Content Gateway block pages over the P1 interface instead of the C interface on a V10K appliance; however, this requires root access. Raise a case with Technical Support and mention this article (11358) in the case description.

Change the message displayed in the top frame of a block page

  1. In Forcepoint Security Manager, go to Settings > General > Filtering > Block Messages.
  2. Type the path to the HTML file that contains the custom block message for HTTP (and HTTPS if using Content Gateway with SSL Decryption), FTP and Gopher requests.
  3. Click OK.
  4. Click Save and Deploy.
Note: For more information, click the Help option at the top right of the GUI and select Explain This Page.

Modify the hosts file to make the block page appear to be coming from another machine

  1. Use Windows Explorer to navigate to the \Windows\system32\drivers\etc directory.
  2. Use a text editor (such as Notepad) to open the hosts file. Below is a sample default hosts file in Windows:
 
# Copyright (c) 1993-2016 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host



# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
  3. Save a backup copy of the hosts file in another directory.
  4. Add a new line at the end of the file, and then enter the filtering service’s IP address, followed by a fictitious host name for masking. For example:
<IP-Address>     FakeBlockPageHostname
  5. Save your changes. Make sure that the text editor does not add a file extension to the file name. (By default, Notepad adds a ".txt" extension when saving files.)
  6. Test a block page on the machine where the hosts file has been changed. If successful, deploy the edited hosts file to all users through Group Policy (GPO). See Microsoft’s website for information on using Group Policy.
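
The hosts-file steps above can be scripted so the backup, the single appended line and the resolution test happen the same way on every test machine. This is an added example, not part of the original article or Forcepoint tooling; the IP address and backup directory are constructed placeholders, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: scripted version of the hosts-file steps; run from an elevated prompt.
param(
    [string]$FilteringIp = '192.0.2.10',            # constructed placeholder for the filtering service IP
    [string]$MaskName    = 'FakeBlockPageHostname', # fictitious host name, as in the article
    [string]$HostsPath   = "$env:SystemRoot\System32\drivers\etc\hosts",
    [string]$BackupDir   = "$env:USERPROFILE\hosts-backup"   # assumed backup location
)
$ErrorActionPreference = 'Stop'

# Refuse anything that is not a literal IP address before touching the file.
$ip = $null
if (-not [System.Net.IPAddress]::TryParse($FilteringIp, [ref]$ip)) {
    throw "Not a valid IP address: $FilteringIp"
}

# Backup copy in another directory, timestamped so reruns never overwrite it.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ("hosts.{0:yyyyMMdd-HHmmss}.bak" -f (Get-Date))
Copy-Item -Path $HostsPath -Destination $backup

# Look for an active (uncommented) line that already maps the masking name.
$active = Get-Content -Path $HostsPath |
    ForEach-Object { ($_ -split '#')[0].Trim() } |
    Where-Object { $_ -and (($_ -split '\s+' | Select-Object -Skip 1) -contains $MaskName) }

if ($active) {
    Write-Host "Already mapped, file left unchanged: $active"
} else {
    # Appending in place keeps the file name 'hosts' with no extension.
    Add-Content -Path $HostsPath -Value "`r`n$FilteringIp`t$MaskName"
}

# A stray hosts.txt means an editor saved a copy Windows will never read.
$stray = Join-Path (Split-Path -Path $HostsPath) 'hosts.txt'
if (Test-Path -Path $stray) { Write-Warning "Found $stray; only the file named 'hosts' is used." }

# Confirm the local resolver now returns the filtering service address.
Clear-DnsClientCache
$resolved = [System.Net.Dns]::GetHostAddresses($MaskName) | ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $ip.IPAddressToString) {
    throw "$MaskName resolves to '$resolved', expected $ip; check $HostsPath (backup at $backup)"
}
Write-Host "$MaskName -> $ip (backup: $backup)"
```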

Substitute the entire block page for a page hosted on another server

To point the block page to another machine, you must edit the eimserver.ini file. When you configure Forcepoint software to use a block page on another machine, the URL redirect no longer includes the name or IP address of the Forcepoint machine. For example, the user's browser normally shows a URL like the following when a block page is displayed:
 
   http://<IP-Address>:15871/cgi-bin/blockpage.cgi?ws-session=587202562

This URL identifies the server as being located at a specific IP Address. If you do not want to disclose the location of the host machine, pointing to block pages on another machine is one solution.
 
Important: When you point to block pages on another server, you lose the functionality associated with block page buttons (used for the Use Quota Time, Go Back, Continue, and Password Override options). If you use only the block and permit filtering options in your policies, this doesn't present any problems. To preserve the option to use the More Information link, and the Use Quota Time, Go Back, Continue, and Password Override buttons, use the host name masking options described in the previous section.
 
Note: These steps are for a Windows server filtering service deployment. If an Appliance Content Gateway is in use, raise a case with Technical Support for assistance with changes.
 
Before configuring Forcepoint software to point to a block page on another machine, place the default or edited block pages on the new host machine. When the HTML files are in place, edit the eimserver.ini file on the Forcepoint server:
 
  1. Stop all Forcepoint services. See Stopping and starting Websense services.
  2. Navigate to the Websense bin directory (Program Files (x86)\Websense\Web Security\bin by default).
  3. Save a backup copy of the eimserver.ini file in another directory.
  4. Open the eimserver.ini file in a text editor and locate [WebsenseServer] (at the top of the file).
  5. Enter one of the following below the [WebsenseServer] entry:
    • UserDefinedBlockPage=http://<www.domain.com>
      Substitute the correct Web server host name for <www.domain.com>.
    • UserDefinedBlockPage=http://<IP address>
      Substitute the IP address of the host machine for <IP address>.
     Note: The protocol portion of the URL (http://) is required.
  6. Save the file and close the text editor.
  7. Start the Websense services as described in Stopping and starting Websense services.
When the services have started, users receive the block page hosted on the new machine.
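
The eimserver.ini edit (steps 3 to 6) can be done the same way every time with a script that backs up the file, checks the URL form and places the key directly under [WebsenseServer]. This is an added example, not part of the original article or Forcepoint tooling; it assumes the Forcepoint services are already stopped, the file is plain ANSI text, and the URL and backup directory are placeholders.

```powershell
# Added example: set UserDefinedBlockPage under [WebsenseServer] in eimserver.ini.
# Run only after all Forcepoint services are stopped (step 1 of the article).
param(
    [string]$BlockPageUrl = 'http://www.domain.com',   # placeholder; use your own web server
    [string]$IniPath      = "${env:ProgramFiles(x86)}\Websense\Web Security\bin\eimserver.ini",
    [string]$BackupDir    = "$env:USERPROFILE\eimserver-backup"   # assumed backup location
)
$ErrorActionPreference = 'Stop'

# The article states that the protocol portion (http://) is required.
if ($BlockPageUrl -notmatch '^http://[^\s/<>]+') {
    throw "URL must start with http:// followed by a host name or IP address: $BlockPageUrl"
}

# Backup copy in another directory before any change.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ("eimserver.{0:yyyyMMdd-HHmmss}.ini" -f (Get-Date))
Copy-Item -Path $IniPath -Destination $backup

$lines = @(Get-Content -Path $IniPath)
$entry = "UserDefinedBlockPage=$BlockPageUrl"

# Locate the [WebsenseServer] header; stop if the file is not what we expect.
$start = -1
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i].Trim() -eq '[WebsenseServer]') { $start = $i; break }
}
if ($start -lt 0) { throw "[WebsenseServer] section not found in $IniPath" }

# Search only inside that section (up to the next [header]) for an existing key.
$keyIdx = -1
for ($i = $start + 1; $i -lt $lines.Count -and $lines[$i] -notmatch '^\s*\['; $i++) {
    if ($lines[$i] -match '^\s*UserDefinedBlockPage\s*=') { $keyIdx = $i; break }
}

# Replace an existing value, otherwise insert the key right below the header.
if ($keyIdx -ge 0) { $lines[$keyIdx] = $entry }
$out = for ($i = 0; $i -lt $lines.Count; $i++) {
    $lines[$i]
    if ($i -eq $start -and $keyIdx -lt 0) { $entry }
}

# Assumption: default (ANSI) encoding matches the original file.
Set-Content -Path $IniPath -Value $out
Write-Host "Set $entry in $IniPath (backup: $backup)"
```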
 
