Users need to be redirected to a block page hosted on a different server. Is it possible to hide the identity of the Websense machine (make it look as though the block page is coming from another machine)?

Options are available to hide the identity of the Forcepoint server. You may:

• Change the content displayed in the top frame of a block page
• Modify the hosts file to make the block page appear to be coming from another machine
• Substitute a page on another server for the entire block page

Note You can either create new, custom block messages or block pages, or modify the default block pages. For details, see the Block Page Management page from the Forcepoint Administrator’s Help guide, or the Forcepoint Security Manager’s Help system.

It is also possible to serve Content Gateway block pages over the P1 interface instead of the C interface on a V10K appliance, however this will require root access. Raise a case with Technical Support and in the case description, ensure this article (11358) is mentioned.

Change the message displayed in the top frame of a block page

1. In Forcepoint Security Manager, go to Settings > General > Filtering > Block Messages.
2. Type the path to the HTML file that contains the custom block message for HTTP (and HTTPS if using Content Gateway with SSL Decryption), FTP and Gopher requests.
3. Click OK.
4. Click Save and Deploy.

Note For more information, click the Help option at the top right of the GUI and select Explain This Page.

Modify the hosts file to make the block page appear to be coming from another machine

1. Use Windows Explorer to navigate to the \Windows\system32\drivers\etc directory.
2. Use a text editor (such as Notepad) to open the open the hosts file. Below is a sample default hosts file in Windows:

 

3. Save a backup copy of the hosts file in another directory.
4. Add a new line at the end of the file, and then enter filtering service’s IP address, followed by a fictitious host name for masking. For example:

5. Save your changes. Make sure that the text editor does not add a file extension to the file name. (By default, Notepad adds a ".txt" extension when saving files.)
6. Test a block page on the machine where the hosts file has been changed. If successful, GPO the edited hosts file to all users. See Microsoft’s website for information on using Group Policy.

Substitute the entire block page for a page hosted on another server

To point the block page to another machine, you must edit the eimserver.ini file. When you configure Forcepoint software to use a block page on another machine, the URL redirect no longer includes the name or IP address of the Forcepoint machine. For example, the user's browser normally shows a URL like the following when a block page is displayed:
 
This URL identifies the server as being located at a specific IP Address. If you do not want to disclose the location of the host machine, pointing to block pages on another machine is one solution.
 
Important When you point to block pages on another server, you lose the functionality associated with block page buttons (used for the Continue, Use Quota Time, Go Back, Continue, and Password Override options). If you use only the block and permit filtering options in your policies, this doesn't present any problems. To preserve the option to use the More Information link, and the Use Quota Time, Go Back, Continue, and Password Override buttons, use the host name masking options described in the previous section.
 
 Note These steps are for a Windows server filtering service deployment. If an Appliance Content Gateway is in use, raise a case with Technical Support for assistance with changes.
 
Before configuring Forcepoint software to point to a block page on another machine, place the default or edited block pages on the new host machine. When the HTML files are in place, edit the eimserver.ini file on the Forcepoint server:
 

1. Stop all Forcepoint services. See Stopping and starting Websense services.
2. Navigate to the Websense bin directory (Program Files (x86)\Websense\Web Security\bin by default).
3. Save a backup copy of the eimserver.ini file in another directory.
4. Open the eimserver.ini file in a text editor and locate [WebsenseServer] (at the top of the file).
5. Enter one of the following below the [WebsenseServer] entry:
   • UserDefinedBlockPage=http://<www.domain.com>

• UserDefinedBlockPage=http://<IP address>

6. Save the file and close the text editor.
7. Start the Websense services as described in Stopping and starting Websense services.

When the services have started, users receive the block page hosted on the new machine.






Keywords: block page; custom block page; host block page; userdefined block page; block messages; modify host