
PaloAltoNetworks firewall - Sinkhole response page

 


Traffic that gets sinkholed does not give the user any error message, but you can easily create one yourself.


Set up a web server, e.g. IIS, and enter the web server's IP address as the sinkhole address in your Anti-Spyware profile.




You can change the response page as you like; mine looks like this ↓
In the firewall threat log you will see the address the client tried to reach.






The code for index.htm, which you use as the Sinkhole response page, looks like this:


<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>Sinkholed</title>
</head>
<body>
<div id="content">
  <div class="header">
    <img src="https://dinwebside.no/logo.png" align="right" width="62" height="75" alt="logo" />
  </div>

  <h1>Sinkholed by Palo Alto Networks firewall.</h1>
  <p>The site you want to visit seems suspicious and might try to install bad software, called malware, on your computer.</p>
  <p>Contact <a href="mailto:support@dittdomene.no?Subject=Web%20Page%20Sinkholed" target="_top">Support</a> if you believe this is in error.</p>
  <p>Please add the Suspicious address + Date and time in your email to your Support Team, this makes it easier to troubleshoot.</p>

  <table>
    <tr>
      <td>Suspicious address:</td>
      <td><input size="55" type="text" name="name" maxlength="100"></td>
    </tr>
  </table>

  <p>Date and time is <span id="date-time"></span>.</p>
</div>

<script type="text/javascript">
window.onload = function () {
  // The browser still shows the address the user asked for, so "location"
  // is the sinkholed address. Put it in the text field.
  var aObj = document.getElementsByName('name')[0];
  aObj.setAttribute('value', encodeURI(location));

  // Show the current date and time as plain text.
  var dt = new Date();
  document.getElementById('date-time').textContent = dt;
};
</script>
</body>
</html>
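The page asks the user to copy the suspicious address and the time into an e-mail by hand. As an added example (not part of the original post), this script pre-fills the Support e-mail instead, with the address defanged (hxxp, [.]) and stripped of credentials, query string and fragment so the message carries no clickable link or session data. The function names are hypothetical; the support address is the one from the page's mailto link.

```javascript
// Added example, not from the original post. Function names are hypothetical.
const SUPPORT_ADDRESS = 'support@dittdomene.no'; // address used in the page's mailto link

// Make a URL non-clickable: http -> hxxp, "." -> "[.]".
function defang(text) {
  return text.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

// Keep scheme, host, port and path; drop userinfo, query string and fragment,
// which can carry credentials or session data that should not end up in a ticket.
function describeSinkholedUrl(href) {
  let u;
  try {
    u = new URL(href);
  } catch (e) {
    return defang(String(href).slice(0, 200)); // not parseable: report as-is, bounded
  }
  const port = u.port ? ':' + u.port : '';
  return defang((u.protocol + '//' + u.hostname + port + u.pathname).slice(0, 200));
}

// Build the support link with subject and body already filled in.
function buildSupportMailto(href, when) {
  const body = 'Suspicious address: ' + describeSinkholedUrl(href) + '\r\n' +
               'Date and time (UTC): ' + when.toISOString() + '\r\n';
  return 'mailto:' + SUPPORT_ADDRESS +
         '?subject=' + encodeURIComponent('Web Page Sinkholed') +
         '&body=' + encodeURIComponent(body);
}

// In the browser: rewrite the page's Support link once the page has loaded.
if (typeof document !== 'undefined') {
  window.addEventListener('load', function () {
    const link = document.querySelector('a[href^="mailto:"]');
    if (link) link.href = buildSupportMailto(String(location), new Date());
  });
}
```

The timestamp is written in UTC, so compare it against the threat log with the firewall's time zone in mind.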