Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

Custom Blocked Page URL 

Nov 25, 2015 06:55 PM

Requirement:

Starting from 4.1 has supported to send HTTP 200 deny information for URL denied by URL filtering. Some customer want that client who access blocked URL should be redirected to custom page/URL. This redirected function has higher priority than original HTTP 200 function. 

In 4.2 we can set redirect URL when client access URL which denied by IAP.

Numbers of custom URLs is up to 8. The format of command just like “dpi-error-page-url index http://www.google.com” and URL must be absolute URL which start with a scheme “http://” or “https://”.



Solution:

In 4.2 we can set redirect URL when client access URL which denied by IAP.

Numbers of custom URLs is up to 8. The format of command just like “dpi-error-page-url index http://www.google.com” and URL must be absolute URL which start with a scheme “http://” or “https://”.



Configuration:

Custom error page for web access denied by AppRF policies How to use "Custom Blocked Page URL"
 

WebUI configuration 

Step1: Add a Custom Blocked Page URL “https://www.sohu.com/”

IAP UI  - Security > Custom Blocked Page URL

Step2:binding the URL to a Roles “example”

IAP UI  - Security > Roles > Rule type > Blocked Page URL

 

 

Step3: Also need to configure DPI ACL deny rule
IAP UI  - Security > Roles > Rule type > Access control

 

 

CLI configuration:


9c:1c:12:c7:e5:72#configure t
9c:1c:12:c7:e5:72(config) #dpi-error-page-url 0 http://www.sohu.com 
9c:1c:12:c7:e5:72(config) #wlan access-rule example 
9c:1c:12:c7:e5:72(Access Rule "example") #dpi-error-page-url 0
9c:1c:12:c7:e5:72(Access Rule "example") #rule any any match app baidu deny
9c:1c:12:c7:e5:72(Access Rule "example") #no  rule any any match any any any permit
9c:1c:12:c7:e5:72(Access Rule "example") #rule any any match any any any permit
9c:1c:12:c7:e5:72(Access Rule "example") #end
9c:1c:12:c7:e5:72#commit apply

Show run 
wlan access-rule example
 index 3
 dpi-error-page-url 0
 rule any any match app baidu deny
 rule any any match any any any permit

 



Verification
  • Check the VC DNS IP setting via "show summary"

 

ac:a3:1e:c5:9c:80# show  dpi-error-page-urls 

Global DPI error page URLs Config
---------------------------------
ID  URL
--  ---
0   http://www.sohu.com


ac:a3:1e:c5:9c:80# show  access-rule example

Access Rules
------------
Dest IP  Dest Mask  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia  Time Range Profile
-------  ---------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------  ------------------
any      any        match                                  app baidu    deny                                                                                         
any      any        match       any                                     permit                                                                                       
Vlan Id           :0
ACL Captive Portal:disable
ACL ECP Profile   :default
CALEA             :disable


DPI error page URL:0 http://www.sohu.com

 

  • Check redirect URL on Client browser 

If the clients access www.baidu.com, the following redirect URL “www.sohu.com” will happen on browser as below:

http://www.sohu.com/?user_ip=%3C192.168.1.105%3E&dest_ip=%3C115.239.210.27%3E&app_name=%3Cbaidu%3E&web_rep=%3Ctrustworthy-sites%3E&web_cat=%3Csearch-engines%3E

 

  • Check  redirect URL  for Packet captured on Client.

 

 

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.