KB Article | Forcepoint Support

Problem Description

The block page is not displaying properly on the end user's computer.

Resolution

There are multiple potential causes for block pages to not properly resolve. Check the solutions below and if the issues with the block page persist, raise a case with Technical Support for assistance.
  • Filtering port and block page port.
  • Filtering service and Windows Firewall.
  • IP address missing for eimserver.ini file.
  • Multiple NIC environment.
  • Block page read access.
  • Network and DNS.
Important: If a block page is not being produced for HTTPS websites (Page cannot be displayed), and SSL Decryption via Content Gateway is not in the environment, this is expected behavior, because the Filtering Service cannot inject the block page into encrypted traffic.

Filtering port and block page port
The filtering port is used by Filtering Service to communicate with other Websense components. The block page port is used by Filtering Service to send block pages to client machines. These ports must be in the range 1024-65535.

Filtering Service may have been automatically configured to use ports other than the default 15868 (filtering port) and 15871 (block page port). When Filtering Service is installed, the installation program checks whether these default ports are already in use on that machine. If either is already in use, the port is automatically incremented until a free port is found.
To find the ports used by Filtering Service:
  1. On the Filtering Service server, go to Program Files (x86)\Websense\Web Security\bin.
  2. Open the eimserver.ini file.
  3. Look for the WebsenseServerPort (filtering port) and BlockMsgServerPort (block page port) values.
Important: If the eimserver.ini file is modified (to update or change the ports, for example), save the file and then restart the Filtering Service so that it picks up the changes.

Filtering service and Windows Firewall
The Windows Firewall is enabled by default on Windows Server versions 2008 to 2016. Port 15871 must be open for Filtering Service to receive the redirect request to deliver the Forcepoint block page. There are two methods to handle the port issue:

IP address missing for eimserver.ini file
Perform the following steps to force Forcepoint software to use a specific IP address:
  1. On the Forcepoint Management Windows server, navigate to the Program Files (x86)\Websense\Web Security\bin folder.
  2. Edit the file eimserver.ini using a text editor.
  3. Add the following line to the [WebsenseServer] section, if it does not already exist:
BlockMsgServerName=<IP address>
<IP address> is the IP address of the Filtering Service.
  4. Save changes to the file.
  5. Restart the Websense services. See Stopping and starting Websense services for instructions.

Multiple NIC environment
If the Filtering Service machine has more than one NIC, and you are still having problems after adding the BlockMsgServerName entry to the eimserver.ini file, try the other NIC IP addresses in the eimserver.ini file.
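The checks from the three sections above can be run in one pass on the Filtering Service server. This PowerShell script is an added example, not Forcepoint tooling: it reads eimserver.ini, validates both ports against the 1024-65535 range, reports which local addresses are listening on them, and confirms that BlockMsgServerName matches an address bound to a NIC. It assumes the default install path and Windows Server 2012 or later (for Get-NetTCPConnection and Get-NetIPAddress).

```powershell
# Added example. Default path is the install location named in this article.
param(
    [string]$IniPath = "${env:ProgramFiles(x86)}\Websense\Web Security\bin\eimserver.ini"
)

# Minimal INI reader: remember each key's value and the [section] it sits in.
$section = ''
$ini = @{}
foreach ($line in Get-Content -LiteralPath $IniPath) {
    $line = $line.Trim()
    if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
    if ($line -match '^([^;#=][^=]*)=(.*)$') {
        $ini[$Matches[1].Trim()] = [pscustomobject]@{ Section = $section; Value = $Matches[2].Trim() }
    }
}

# Ports: must parse as integers in 1024-65535 and have a listener on this host.
foreach ($key in 'WebsenseServerPort', 'BlockMsgServerPort') {
    $raw  = if ($ini.ContainsKey($key)) { $ini[$key].Value } else { $null }
    $port = 0
    $valid = [int]::TryParse([string]$raw, [ref]$port) -and $port -ge 1024 -and $port -le 65535
    $listeners = @()
    if ($valid) {
        # On hosts older than Windows Server 2012, fall back to netstat.
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    }
    [pscustomobject]@{
        Key         = $key
        Value       = $raw
        InRange     = $valid
        ListeningOn = ($listeners | ForEach-Object { $_.LocalAddress } | Sort-Object -Unique) -join ', '
        Process     = ($listeners | ForEach-Object {
                          (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
                      } | Sort-Object -Unique) -join ', '
    }
}

# BlockMsgServerName: must be in [WebsenseServer] and match an address bound to a NIC.
$localIPs = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)
$entry = $ini['BlockMsgServerName']
if (-not $entry) {
    Write-Warning 'BlockMsgServerName is not set; add it to the [WebsenseServer] section.'
} elseif ($entry.Section -ne 'WebsenseServer') {
    Write-Warning "BlockMsgServerName is in [$($entry.Section)], not [WebsenseServer]."
} elseif ($localIPs -notcontains $entry.Value) {
    Write-Warning "BlockMsgServerName=$($entry.Value) is not a local address ($($localIPs -join ', '))."
} else {
    "BlockMsgServerName=$($entry.Value) matches a local NIC address."
}
```

An empty ListeningOn value for BlockMsgServerPort means nothing on the server is accepting block page requests on the configured port.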

Block page read access
Ensure that users have read access to the files in the Websense folders that store the block pages:
  • Websense\Web Security\BlockPages\en\Default
  • Websense\Web Security\BlockPages\en\Custom
 For instructions, see Microsoft’s document Manage User Accounts in Windows Server Essentials.

Network and DNS
  1. Try to cause the block page to appear on the Filtering Service machine itself, by loading a site in the browser that should be blocked. If it appears, this may indicate a network problem.
  2. Open a DOS prompt on the Filtering Service machine and type:
netstat /an > doc.txt
Review the doc.txt file. Is the Filtering Service listening on port 15871? If not, Filtering Service may need to be reconfigured or reinstalled.
  3. If Filtering Service is listening on the correct port, then telnet to the port from both the Filtering Service machine and from a workstation:
telnet <Filtering Service machine> 15871
If telnet does not work from a workstation but works from the local server (the Filtering Service machine), this indicates a network issue.
  4. Ping the Filtering Service machine from a workstation with the problem. Try pinging by IP Address and Server Hostname and by to confirm if the issue is related to network or DNS.
  5. Are there any rules on the Proxy Server or firewall that are routing all HTTP requests to another appliance upstream that may not be able to load the block page on the Filtering Service machine?
  6. If Forcepoint is installed on the same machine as CheckPoint FireWall, the FireWall Stealth rule will prevent the block page from displaying.
  7. Finally, open a browser on both the client’s PC and the Filtering Service machine and enter the following address, using the IP address of the Filtering Service:
http://<IP_address_of_Filtering_Service>:15871/cgi-bin/blockpage.cgi?
This should return an “Invalid Request” response from the Filtering Service machine. This indicates that the Filtering Service is active and listening. Check the network for DNS issues.
  8. Follow the block page packet from the Forcepoint server to the test workstation.
    1. Install Wireshark from Wireshark’s website.
    2. Monitor the Forcepoint server for the outbound block page packet.
    3. Monitor the test workstation for the incoming block page packet.
Note: To identify the block page, use the "ip.id==0x02f2" filter.
  9. If the block page is seen leaving the Forcepoint server, but not arriving at the test workstation, then explore the path traveled by the packet. A network issue is most likely involved.

The block page spoofs the origin server. If the capture shows an external source IP address for the block page’s 302 move packet, check if the block page is being stopped by an intermediate router or packet inspection device on the network.
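The workstation-side checks in this section (name resolution, the telnet test, and the blockpage.cgi request) can be combined to separate a DNS fault from a blocked port. The PowerShell script below is an added example, not part of the Forcepoint article or product; the FilteringHost and FilteringIP parameters are values the operator supplies, and 15871 is the default block page port.

```powershell
# Added example: run on an affected workstation. Both mandatory values are
# supplied by the operator; nothing here is read from Forcepoint itself.
param(
    [Parameter(Mandatory)] [string]$FilteringHost,  # Filtering Service host name
    [Parameter(Mandatory)] [string]$FilteringIP,    # Filtering Service IP address
    [int]$BlockPagePort = 15871                     # default block page port
)

# DNS: does the host name resolve to the address the server should answer on?
$resolved = @(Resolve-DnsName -Name $FilteringHost -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
$dnsOk = $resolved -contains $FilteringIP

# TCP: the same test as "telnet <Filtering Service machine> 15871", by IP and by name.
$tcpByIp   = (Test-NetConnection -ComputerName $FilteringIP -Port $BlockPagePort `
                  -WarningAction SilentlyContinue).TcpTestSucceeded
$tcpByName = (Test-NetConnection -ComputerName $FilteringHost -Port $BlockPagePort `
                  -WarningAction SilentlyContinue).TcpTestSucceeded

# HTTP: an empty blockpage.cgi request should be answered with "Invalid Request".
$url = "http://${FilteringIP}:$BlockPagePort/cgi-bin/blockpage.cgi?"
$answered = $false; $body = ''
if ($tcpByIp) {
    try {
        $body = (Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10).Content
        $answered = $true
    } catch {
        # An HTTP error status still proves the service answered.
        if ($_.Exception.Response) { $answered = $true }
        if ($_.ErrorDetails) { $body = $_.ErrorDetails.Message }
    }
}

$verdict = if (-not $tcpByIp) {
    'Port unreachable by IP: check firewalls and routing between workstation and server.'
} elseif (-not $dnsOk -or -not $tcpByName) {
    'Reachable by IP but not by name: check DNS.'
} elseif (-not $answered) {
    'Port open but no HTTP answer: check Filtering Service.'
} else { 'Filtering Service is reachable and answering.' }

[pscustomobject]@{
    ResolvedTo = $resolved -join ', '; DnsMatches = $dnsOk
    TcpByIp = $tcpByIp; TcpByName = $tcpByName
    HttpAnswered = $answered; InvalidRequest = ("$body" -match 'Invalid Request')
    Verdict = $verdict
}
```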



Keywords: block page error; block page issue; page cannot be displayed; 15871; eimserver.ini; block page is not displayed; ip.id=0x02f2; 0x02f2; 302 mov; packet capture; page not found
