Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data


Block Page Notice for HTTPS content

Currently there is no visible indication provided for HTTPS page interceptions; can this be changed so the end user gets some feedback, as they would do with HTTP content? Currently they just get a "This page cannot be displayed".

14 votes

Paul Howard shared this idea

8 comments

  • Edgar commented

    The lack of notification on blocked HTTPS sites is likely to put off many more sysadmins from using the product.

    The team at Sophos are great but should prioritise this issue as it leaves existing and potential clients with no other option but to look at alternative products.

    A competitor using DNS-based web filtering has circumvented a similar problem by providing a root CA which is installed on all endpoints - historically we have not encountered anyone complaining of cert alerts with this workaround.

    I take the message made by Rich on board and appreciate that toast notifications may not be a suitable option, but 12 months down the line since Rich made his comment - is there an update?

  • Chris Urbacz commented

    Would it not be possible to redirect the clients to a landing page that details the warning (static page / CDN or whatever)? This would mitigate concerns around MITM and TLS doing its job.
    Can the client either redirect the request to a static page, or provide a toast notification / client notification?

  • JJB commented

    Really annoying. Give us the possibility of choosing the approach here: Sophos can do MITM and display a warning, we just need to deploy the CA cert on the workstations. This is crucial. I'll probably move away from this solution in the future if there is no fix for this.

  • Admin Rich Baldry (Product Owner, Web Protection, Sophos Features & Ideas Laboratory) commented

    This is a tricky area to navigate. We will certainly look at this in the near future, but here is some context:

    When the browser initiates a normal HTTP web request, we can intercept that request and substitute the HTML of a block page. Because HTTP has no security or connection validation, the browser just displays that HTML and the user sees a block page.

    When the browser initiates an HTTPS request, we see an SSL/TLS handshake packet and make the decision to block based on that. The browser is expecting to receive a server TLS response. If we try to respond with HTML, it will drop the content and not display it. The only way to get the browser to display a block page is for us to pretend to be the server that you were connecting to, complete the TLS tunnel and send the HTML page through that. But that can cause other problems, such as security or certificate alerts popping up in the browser before the message is seen, which can be alarming to end-users.

    In the past, Sophos Endpoint would use desktop popup messages to indicate when an HTTPS connection had been blocked. But this caused a lot of complaints, particularly because it would be visible even for blocking 'background' HTTPS connections like advertising or other issues which would have been invisible had they been HTTP.
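The difference Rich describes can be reproduced locally. The following is an added demonstration, not Sophos code or anything from this thread: a tiny loopback "interceptor" answers every connection with a plain HTML 403 page, exactly as one would for HTTP. The HTTP client accepts the page; the TLS client, which sent a ClientHello and expected a ServerHello, raises a protocol error before any page could be shown. The interceptor also reads the hostname out of the ClientHello's SNI extension, which is the handshake data a filter has available when it makes its block decision. The hostname `blocked.example`, the page text and the port handling are constructed for the example; the third option Rich mentions (completing the TLS tunnel with a locally trusted certificate) is deliberately not shown.

```python
"""Added demonstration (not Sophos code): a plain HTML block page is shown
for HTTP but discarded by an HTTPS client. The hostname blocked.example
and the page text are constructed values for this example."""
import socket
import ssl
import struct
import threading

HTML = b"<html><body><h1>Blocked by policy</h1></body></html>"
BLOCK_PAGE = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n"
              b"Content-Length: %d\r\n\r\n" % len(HTML)) + HTML


def parse_sni(record: bytes):
    """Return the server_name from a TLS ClientHello record, else None."""
    try:
        # Record header: content type 0x16 (handshake), version, length.
        if record[0] != 0x16:
            return None
        body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        # Handshake header: type 0x01 (ClientHello), 3-byte length.
        if body[0] != 0x01:
            return None
        hs = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                                        # version + random
        pos += 1 + hs[pos]                                  # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hs[pos]                                  # compression_methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:                               # walk the extensions
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if ext_type == 0:   # server_name: list len(2), type(1), len(2), name
                name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
                return hs[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None


def start_interceptor(connections: int):
    """Answer `connections` loopback connections with the HTML block page.

    Returns (port, seen); seen records the SNI of each connection, None for
    anything that was not a TLS ClientHello (i.e. plain HTTP)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    srv.settimeout(10)
    port, seen = srv.getsockname()[1], []

    def serve():
        with srv:
            for _ in range(connections):
                conn, _addr = srv.accept()
                with conn:
                    seen.append(parse_sni(conn.recv(4096)))  # block-decision input
                    conn.sendall(BLOCK_PAGE)   # same naive HTML reply in both cases

    threading.Thread(target=serve, daemon=True).start()
    return port, seen


def http_request(port: int) -> bytes:
    """Plain HTTP: the client renders whatever HTML it is sent."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n")
        return s.recv(4096)


def https_request(port: int) -> str:
    """HTTPS: the client sends a ClientHello and will only accept a TLS reply."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection(("127.0.0.1", port)) as raw:
            with ctx.wrap_socket(raw, server_hostname="blocked.example") as tls:
                return tls.recv(4096).decode()
    except (ssl.SSLError, OSError) as exc:
        # "HTTP/1.1 403 ..." is not a valid TLS record (OpenSSL usually reports
        # WRONG_VERSION_NUMBER), so the page is discarded before it is seen.
        return "tls-error: " + (getattr(exc, "reason", None) or str(exc))


def demo() -> dict:
    port, seen = start_interceptor(connections=2)
    http = http_request(port)
    https = https_request(port)
    return {"http": http, "https": https, "sni": seen}


if __name__ == "__main__":
    result = demo()
    print("HTTP client received :", result["http"].split(b"\r\n")[0])
    print("HTTPS client received:", result["https"])
    print("SNI seen by filter   :", result["sni"])
```

Running it shows the HTTP client holding the 403 block page while the HTTPS client fails the handshake with a TLS error and never receives any HTML; the interceptor still knows which hostname was requested, because the SNI is sent in the clear in the ClientHello, which is why blocking HTTPS is possible even though displaying a page through that connection is not.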

  • Frank Backes commented

    Definitely we need this feature, as how do you expect the user to inform us about a homepage being blocked if he doesn't know whether it's blocked, misspelled, simply down, or any other reason that might cause the page to be down? It could even be that the machine is infected with DNS spoofing and leads him to a page that is down, so that he can't access a certain page. I really don't get why you didn't develop a page for HTTPS content.

  • Anonymous commented

    This has been awful. We really need a message otherwise a user cannot tell if a site is blocked or down. Very annoying!
