Sam_Pickles_110
May 04, 2010 Nimbostratus
Custom blocking page - formatting and mailto: link
Hi all;
If anyone is playing around with custom formatting for response pages, one approach I've used recently with success is to take a page from the back-end application, right-click and view source, then copy this into Notepad and remove most of the page body, leaving just the banners, formatting, menus, page layout etc. It's OK for this page to contain references to external objects such as CSS unless you are using IP address enforcer, in which case the page may not display properly.
Then in the middle of the page, insert something like the text at the end of this post. This HTML gives the user a mailto link, in the event that the user is trying to do something legitimate, and they wish to raise the issue with security. The email which opens contains the support ID as a subject line, which makes it easy for the security team to investigate the reason for blocking. This is helpful in the case of a legitimate user who is doing something which contravenes security policy, but without malicious intent.
If anyone would like a sample page for the Auction site or Hacme bank, please mail me and I'll fire it across (can't attach to this post sorry - file type disallowed).
Hope this is useful;
regards, Sam
Your request is invalid. Please try again or click below to contact security administrators.
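A response-page fragment of the kind the post describes, as an added example that is not the original poster's markup. It assumes the F5 ASM response-page token `<%TS.request.ID()%>` for the support ID and uses a placeholder mailbox, `security@example.com`.

```html
<!-- Added example. Assumptions: ASM replaces <%TS.request.ID()%> with the
     support ID when it serves the response page; security@example.com is a
     placeholder mailbox. Styles are inline so the block still renders when
     external CSS cannot be loaded. -->
<div style="margin:2em auto; max-width:40em; padding:1em; border:1px solid #999; font-family:Arial,sans-serif;">
  <p>Your request is invalid. Please try again or click below to contact
     security administrators.</p>
  <!-- Shown in the page as well, so a user without a mail client can quote it. -->
  <p>Support ID: <strong><%TS.request.ID()%></strong></p>
  <p>
    <!-- Spaces in the subject are percent-encoded; the support ID is placed
         in the subject line so the security team can look up the blocked request. -->
    <a href="mailto:security@example.com?subject=Blocked%20request%20-%20support%20ID%20<%TS.request.ID()%>">
      Contact security administrators
    </a>
  </p>
</div>
```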