Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 7 subscribers
  • Views 13703 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website Block Message for valid blocked HTTPS sites

Mike Pemberton

 

Hello,

I've got a client running Sophos Enterprise Console and recently enabled Web Control so they could move away from a web proxy provider and save money.

*Enterprise Console version 5.5.0

*Client Agent (Endpoint Security and Control) version 10.7

This works fine for all the sophostest.com sites and everyone is happy with the solution - however any BLOCKED sites that are accessed on HTTPS just result in:

 

"This site can't provide a secure connection

<website> sent an invalid response

ERR_SSL_PROTOCOL_ERROR"

 

 

Non-blocked HTTPS sites work fine.

Could anyone advise a way to resolve this please as I'm keen to provide users with a more meaningful message to reduce support calls.

 

Kind Regards,

Mike



This thread was automatically locked due to age.
Parents
  • +1

    Hello Mike,

    the Endpoint Web Control can just permit or block HTTPS requests but it can't inject its own error message, it would have to intercept the TLS handshake. Thus it only causes a connection error, the message is issued by the browser.

    Christian

  • 0 in reply to QC

    Sophos does log that access to those sites is blocked under controlled items.  Is there anyway for users to get a pop-up notification from Sophos that the site is blocked?

  • 0 in reply to Ryan Smith4

    Hi  

    An event is triggered that is shown to the user and sent to Sophos Enterprise Console. Alternatively, users can be warned by means of notification when visiting controlled websites; even if the user does not proceed, a warning event is triggered. If the user proceeds and views a site despite the warning, a second event is triggered and sent to Sophos Enterprise Console.

  • 0 in reply to Shweta

    Hi Shweta.  The only message our users see when they go to a blocked website is the generic "This site can't provide a secure connection"  The only way a user can see if the site was blocked is by going to the controlled items area of Sophos on their PC.  Is that the event that you're referring too?

    You also said users can be warned by means of notification, is that a setting within Sophos Central?

    Thanks for your help!

  • 0 in reply to Ryan Smith4

    Hi  

    Are you managing your endpoints via Sophos central? You will either see a notification popup or the browser will display a page detailing the content that has been blocked or warned. HTTPS websites will display a message website cannot be found. For more information, please check this article

  • 0 in reply to Ryan Smith4

    Hi Ryan,

    Users should get the pop up "toast" notification when they attempt to access a blocked HTTPS site. Are you not seeing this behavior?

    There is a method to disable this but it's not a setting controlled in the policy, instead it's a registry key add on your endpoints.
    https://community.sophos.com/kb/en-us/120971

  • 0 in reply to MEric

    Yeah I'm not getting the pop up notification.  I went through the attached procedure and made sure that this wasn't disabled in the registry.  Is it something that needs to be enabled in Sophos Central?

Reply Children