No Malware Block Page When Using SSL Decryption

Created On 09/25/18 19:30 PM - Last Modified 08/05/19 20:11 PM



When using SSL decryption policy to block malware, the block page does not always display.


When requesting a web page, browsers typically send an Accept header that allows any type of response, similar to this:

Accept: text/html, image/png, */*;q=0.1\r\n

The */* entry indicates that any response type will be accepted.

When requesting a specific object (.zip, .txt, etc.), the client browser may only allow that type of response, limiting what the browser will display. If requesting a .txt file, you may only see:

Accept: text/text\r\n

When the firewall returns a response page indicating that the request is blocked due to a virus, it sends it as an HTML page. The MIME type is text/html. This can mean that if the browser is only allowing text/text, the page will not be displayed.

During SSL communication, the client browser may close the request rather than display an error that the MIME type did not match what was requested. This results in the browser just "spinning", not displaying any page until an error is presented after a timeout.
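To check a captured request against this explanation, the following Python sketch computes the weight an Accept header gives to the block page's text/html type using standard Accept media-range matching (most specific range wins, q=0 means refused). It is an added example, not part of the original article or any firewall code; the function names are illustrative and the sample headers are constructed from the values quoted above.

```python
# Added example: does an Accept header permit the firewall's text/html block page?
def parse_accept(header):
    """Split an Accept header value into (type, subtype, q) media ranges."""
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if "/" not in parts[0]:
            continue  # skip empty or malformed entries
        mtype, subtype = (s.strip().lower() for s in parts[0].split("/", 1))
        q = 1.0  # default weight when no q parameter is given
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # unparsable weight: treat as not acceptable
        ranges.append((mtype, subtype, q))
    return ranges

def quality_for(header, media_type="text/html"):
    """Return the q-value the header assigns to media_type (0.0 = refused)."""
    if header is None:
        return 1.0  # no Accept header at all: any type is acceptable
    want_type, want_sub = media_type.lower().split("/", 1)
    best_spec, best_q = -1, 0.0
    for mtype, subtype, q in parse_accept(header):
        if (mtype, subtype) == (want_type, want_sub):
            spec = 2   # exact match
        elif mtype == want_type and subtype == "*":
            spec = 1   # type/* wildcard
        elif (mtype, subtype) == ("*", "*"):
            spec = 0   # */* wildcard
        else:
            continue
        if spec > best_spec:  # the most specific matching range wins
            best_spec, best_q = spec, q
    return best_q

def block_page_acceptable(header):
    """True when the header leaves room for a text/html response page."""
    return quality_for(header) > 0.0

if __name__ == "__main__":
    # Constructed sample headers; the first two are the values quoted in the article.
    for h in ("text/html, image/png, */*;q=0.1", "text/text", "image/png, */*;q=0.1"):
        print(f"{h!r}: text/html q={quality_for(h)} acceptable={block_page_acceptable(h)}")
```

Running it against the Accept header of a request that hung instead of showing the block page tells you whether the header excluded text/html, which is the condition the article describes.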

owner: gwesson
