No Malware Block Page When Using SSL Decryption
Resolution
Symptom
When using an SSL decryption policy to block malware, the block page does not always display.
Cause
When requesting a web page, browsers tend to send a header similar to this, which allows any response:
Accept: text/html, image/png, */*;q=0.1\r\n
The */* indicates any response will be accepted.
When requesting a specific object (.zip, .txt, etc.) the client browser may only allow that type of response, limiting what the browser will display. If requesting a .txt file, you may only see:
Accept: text/text\r\n
When the firewall displays a response page indicating that the request is blocked due to a virus, it sends it as an HTML page with the MIME type text/html. This can mean that if the browser is only allowing text/text, the page will not be displayed.
During an SSL communication, the client browser may close the request rather than display an error that the MIME type did not match what was requested. This results in the browser just "spinning", not displaying any page until an error is presented after a timeout.
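When troubleshooting a missing block page, the Accept header from a captured request can be checked against the text/html response page. The following is an added example, not part of the original article or any vendor tooling; the function names `parse_accept` and `accepts` are hypothetical, and the matching follows standard HTTP media-range rules (most specific range wins, q=0 means not acceptable).

```python
# Added example: does a text/html response page satisfy a client's Accept header?
# Pass the header value only (the text after "Accept:").

def parse_accept(header):
    """Return a list of (type, subtype, q) media ranges from an Accept value."""
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        media = parts[0].lower()
        if "/" not in media:
            continue  # skip malformed entries
        q = 1.0  # default weight when no q parameter is given
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0  # unparseable weight: treat as not acceptable
        mtype, subtype = media.split("/", 1)
        ranges.append((mtype, subtype, q))
    return ranges


def accepts(header, mime="text/html"):
    """True if `mime` is acceptable under the given Accept header value."""
    if not header.strip():
        return True  # assumption: empty value handled like an absent header
    mtype, subtype = mime.lower().split("/", 1)
    best = None  # (specificity, q) of the most specific matching range
    for rtype, rsub, q in parse_accept(header):
        if rtype == mtype and rsub == subtype:
            spec = 2          # exact match, e.g. text/html
        elif rtype == mtype and rsub == "*":
            spec = 1          # type wildcard, e.g. text/*
        elif rtype == "*" and rsub == "*":
            spec = 0          # full wildcard */*
        else:
            continue
        if best is None or spec > best[0]:
            best = (spec, q)
    return best is not None and best[1] > 0


if __name__ == "__main__":
    # The two header values shown in the article above.
    for value in ("text/html, image/png, */*;q=0.1", "text/text"):
        print(f"{value!r}: block page acceptable = {accepts(value)}")
```

A result of `False` for a blocked request identifies the case described above, where the client did not advertise text/html and the response page may not be shown.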
owner: gwesson