HTTP-Proxy: Deny Message

When content is denied, the XTM device sends a default deny message that replaces the denied content. You can change the text of that deny message. You can customize the deny message with standard HTML. You can also use Unicode (UTF-8) characters in the deny message. The first line of the deny message is a component of the HTTP header. You must include an empty line between the first line and the body of the message.

You get a deny message in your web browser from the XTM device when you make a request that the HTTP-proxy does not allow. You also get a deny message when your request is allowed, but the HTTP-proxy denies the response from the remote web server. For example, if a user tries to download an .exe file and you have blocked that file type, the user sees a deny message in the web browser. If the user tries to download a web page that has an unknown content type and the proxy policy is configured to block unknown MIME types, the user sees an error message in the web browser.

The default deny message text and html code appears in the Deny Message text box. To change this to a custom message, scroll to the <body> element of the message code and add any of these variables:

%(transaction)%

Select Request or Response to show which side of the transaction caused the packet to be denied.

This variable also appears in the <title> element of the deny message.

%(reason)%

Includes the reason the XTM device denied the content.

%(method)%

Includes the request method from the denied request.

%(url-host)%

Includes the server host name from the denied URL. If no host name was included, the IP address of the server is included.

%(url-path)%

Includes the path component of the denied URL.

%(serial)%

Includes the serial number of the XTM device in the deny message.

%(firewall)%

Includes the XTM device name in the deny message.

When you change the Deny Message, make sure that the opening <html> and <body> tags and the closing </body> and </html> tags are still included in the Deny Message. If the tags are not included, the default Deny Message is displayed instead of the message you specify.

To configure the Deny Message:

  1. On the Proxy Action tab, select the Deny Message tab.
    The Deny Message settings appear.

Screen shot of the HTTP-Client proxy action Deny Message

  1. In the Deny Message text box, type the deny message.
  2. To change settings for other categories in this proxy, see the topic for the next category you want to modify.
  3. Click Save.

If you modified a predefined proxy action, when you save the changes you are prompted to clone (copy) your settings to a new action.

For more information on predefined proxy actions, see About Proxy Actions.

See Also

About the HTTP-Proxy

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base