Custom blocking page - formatting and mailto: link

Question

Hi all;&nbsp;
&nbsp;If anyone is playing around with custom formatting for response pages, one approach I've used recently with success is to take a page from the back-end application, right click and view source, then copy this into notepad and remove most of the page body; leaving just the banners, formatting, menus, page layout etc. Its OK for this page to contain references to external objects such as CSS unless you are using IP address enforcer, in which case the page may not display properly.&nbsp;
&nbsp;Then in the middle of the page, insert something like the text at the end of this post. This HTML gives the user a mailto link, in the event that the user is 
trying to do something legitimate, and they wish to raise the issue with
 security. The email which opens contains the support ID as a subject 
line which makes it easy for security team to investigate the reason for
 blocking. This is helpful in the case of a legitimate user who is doing
 something which contravenes security policy; but without malicious 
intent.&nbsp;
&nbsp;If anyone would like a sample page for the 
Auction site or Hacme bank, please mail me and I'll fire it across 
(can't attach to this post sorry - file type 
disallowed).&nbsp;
&nbsp;hope this is 
useful;&nbsp;
&nbsp;regards, Sam&nbsp;
&nbsp; 
&nbsp;Your request is invalid. Please try again or click below to contact security administrators.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Hi Sam, 
&nbsp;  
&nbsp; I think your post got munged.  Can you add .txt to the filenames and attach them instead? 
&nbsp;  
&nbsp; Thanks, Aaron

sam_pickles_110 · Answer

sam_pickles_110 · Answer

OK, the mailto link seems to have displayed correctly by enclosing in a code block above. I wasnt able to upload .txt, .html or .zip file types, and uploading a file with no extension doesnt seem to open properly when you try to download it (the file attached to this post is a .zip, if you manage to download and rename it). &nbsp;
&nbsp;I will post the Auction page example in a code block below... sorry this will be a big mess of a post. &nbsp;
&nbsp;cheers, Sam&nbsp;

sam_pickles_110 · Answer

PHPAUCTION

|

Search

Browse

Art &amp; Antiques
Books

Clothing &amp; Accessories
Coins &amp; Stamps
Collectibles
Comics, Cards &amp; Science Fiction
Computers &amp; Software

Electronics &amp; Photography
Gemstones &amp; Jewelry
Home &amp; Garden
Movies &amp; Video
Music

Office &amp; Business
Other Goods &amp; Services
Sports &amp; Recreation
Toys &amp; Games
Video Games

All categories

Apr.27  2009, 20:52:27

38 REGISTERED USERS   622 AUCTIONS

Invalid Request

Your request is invalid. Please try again or click below to contact security administrators.

|

If you are interested in obtaining a CD of this application, please contact your local F5 sales representative.

This web application is based on a modified version of phpauction (phpauction.org).
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by

the Free Software Foundation (version 2 or later).
         
        www.f5.com
  |  
        
        The Leader in Application Traffic Management

Ensuring secure and optimized application delivery for 
        global enterprises

Forum Discussion

Custom blocking page - formatting and mailto: link

4 Replies

Recent Discussions

Issue on license renewal

Maximum throughput of f5 ltm

iRule cookie persistence and pool redirect

redirect not working

Access azure app service using f5 LTM

Related Content

Format objectGUID attribute from hexadecimal to bindable string (hyphen-separated format)

X509 Subject Formatting

Import certificate as pfx format

Block traffic

domain blocking