Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    URL Redirecting is missing label for branding and warning on redirect

    Scheduled Pinned Locked Moved Cache/Proxy
    19 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ
      JonathanLee @johnpoz
      last edited by

      @johnpoz I am trying to learn about doing a transparent proxy URL redirect to a different website. I got it to work half way just testing and playing around with it, however I noticed it has no lable on the bottom that said it was redirected. My proxy is running in transparent mode. The goal of the lab was to have one URL when used be redirected to another.

      Example: if I am at work and try to access Facebook as an example it just redirects back to the company's website however on the bottom after redirection has a lable like this website has been redirected by companyabc.com company electronic device use policy.

      I got it to work with some some basic sites in transparent mode, with SSL certificates however it is not using https it went to 80 and the redirect is messed up it just didn't work correctly.

      Goal website redirects and the new site has a small message on the bottom for a set timer that warns user about redirect.

      Make sure to upvote

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @JonathanLee
        last edited by johnpoz

        @jonathanlee ok this has nothing to do with pfblocker then ;)

        Moving to proxy section, you might get more traction there from proxy users..

        however I noticed it has no lable on the bottom that said it was redirected

        I don't use proxy, and for sure don't play with it much.. This day and age of https everywhere they have become pretty irrelevant. But I don't recall that ever being like an option, not saying it can't be done.. But I don't believe is any sort of click this button sort of thing..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        JonathanLeeJ 2 Replies Last reply Reply Quote 1
        • johnpozJ johnpoz moved this topic from pfBlockerNG on
        • JonathanLeeJ
          JonathanLee @johnpoz
          last edited by

          @johnpoz

          This is the area that had URL redirection now in Squidguard

          guardredirect.JPG

          (Image: Squidguard URL redirection)

          Target.JPG

          Make sure to upvote

          johnpozJ 1 Reply Last reply Reply Quote 0
          • JonathanLeeJ
            JonathanLee @johnpoz
            last edited by

            @johnpoz It is no click point option you need SSL certificates loaded on all devices it will work with 443 with trusted certificates.

            Make sure to upvote

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @JonathanLee
              last edited by

              @jonathanlee that redirect doesn't add any sort of overlay that says its been redirected or anything.

              you need SSL certificates loaded on all devices it will work with 443 with trusted certificates.

              Which is a whole can of worms that shouldn't be opened - your breaking the chain of trust, etc.

              But you have fun ;)

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              JonathanLeeJ 1 Reply Last reply Reply Quote 0
              • JonathanLeeJ
                JonathanLee @johnpoz
                last edited by JonathanLee

                @johnpoz this is all equipment my devices my router and firewall. A business or such it would be their issue. SSL certificates for users on a network is standard practice. HTTPS url filtering works great see below I can block and add notes for HTTPS or http.

                URL BLOCK.JPG.jpg

                (Image: url blocking working)

                If this overlay worked why does it not add one for redirected urls?

                Make sure to upvote

                JonathanLeeJ 1 Reply Last reply Reply Quote 0
                • JonathanLeeJ
                  JonathanLee @JonathanLee
                  last edited by

                  @jonathanlee keep in mind all urls used are testing urls for learning.

                  Make sure to upvote

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @JonathanLee
                    last edited by

                    @jonathanlee that is the normal block page, and it loads because its not https..

                    Have fun trying to do with https.. You would have to create a cert for www.cnn.com on the fly, and your browser would have to trust the CA that created it, etc.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    JonathanLeeJ 1 Reply Last reply Reply Quote 1
                    • JonathanLeeJ
                      JonathanLee @johnpoz
                      last edited by JonathanLee

                      @johnpoz I wish we could do a overlay for a redirect. I have to admit redirection and learning about this today was amazing.

                      Make sure to upvote

                      N 1 Reply Last reply Reply Quote 0
                      • N
                        netblues @JonathanLee
                        last edited by

                        @jonathanlee You can block https but you cannot redirect it.
                        And adding local trusted ca's on all devices and creating "fake" site certificates on the fly isnt easy.
                        And why you need an overlay? A simple landing page is enough (if you have managed to do the redirection)

                        JonathanLeeJ 2 Replies Last reply Reply Quote 1
                        • JonathanLeeJ
                          JonathanLee @netblues
                          last edited by

                          @netblues thanks for the reply. Do you think they will ever have a browser plugin to act like Burp suite so we could make redirection work correctly? Http works for the messages however https does not. The cookie interaction and SSL issues with the redirection cause most of the issues. With a proxy like Brupe suite you can have the Forward pause and adapt it on the fly with pen testing even regenerate cookies. But for a valid redirect there has to be a way to just auto generate a cancel and a new url reload with the new url. What http header sends the stop? We just need to cancel and refresh with the new URL right? But how can you hit the refresh without a plugin?

                          Make sure to upvote

                          JonathanLeeJ 1 Reply Last reply Reply Quote 0
                          • JonathanLeeJ
                            JonathanLee @JonathanLee
                            last edited by JonathanLee

                            @jonathanlee

                            HTTP request methods - http: MDN. HTTP | MDN. (n.d.). Retrieved January 6, 2022, from https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods

                            One has to work, I will just have to play with some code next semester if I learn more and test for a while and make it very secure. Goal is to stop the unwanted non approved URL cancel the browser request and after have a new request generated for a new URL and send the new url down. But it would require a approved plugin like Kaspersky uses. You have to control the browser someway. All it is a redirected url with a overlay. Kaspersky antivirus uses browser extensions even Chrome approved ones that install SSL certificates on the fly for use with the software based IDS and antivirus software. I would feel more comfortable with such extensions installed on the firewall.

                            General articles: Answers to frequently asked questions. How to enable the Kaspersky Protection extension in Google Chrome, Mozilla Firefox and Microsoft Edge based on Chromium. (n.d.). Retrieved January 6, 2022, from https://support.kaspersky.com/common/start/12782

                            Make sure to upvote

                            N 1 Reply Last reply Reply Quote 0
                            • N
                              netblues @JonathanLee
                              last edited by

                              @jonathanlee Creating and maintaining a plugin that works on many browsers and devices isn't something easy.
                              It does require a team of devs and testers and a way to finance it.
                              Kaspersky is a multimilion dollar security software company with many subject matter experts.
                              If it was easier they wouldn't have opted for a plugin, to begin with.

                              JonathanLeeJ 1 Reply Last reply Reply Quote 0
                              • JonathanLeeJ
                                JonathanLee @netblues
                                last edited by

                                @netblues
                                One can say . .
                                A community is always be stronger than abuses brought by the few.

                                I got the http redirect to work however for the blocked https I am still working on that I want it to go to the official blocked page like this. see image below

                                Screen Shot 2022-01-06 at 8.17.09 AM.png

                                This only works when I go to http://zoo.com
                                if I try https://zoo.com this occurs

                                Screen Shot 2022-01-06 at 8.18.01 AM.png

                                I am missing a setting or something. I just get a error page

                                Make sure to upvote

                                1 Reply Last reply Reply Quote 0
                                • JonathanLeeJ
                                  JonathanLee @netblues
                                  last edited by

                                  @netblues Even with the landing pad it gives an error for me currently only http works.

                                  Make sure to upvote

                                  johnpozJ 1 Reply Last reply Reply Quote 0
                                  • johnpozJ
                                    johnpoz LAYER 8 Global Moderator @JonathanLee
                                    last edited by

                                    @jonathanlee I would suggest you go through the hangout by jimp

                                    Youtube Video

                                    While its a bit dated now with 2.5 and 2.6 around the corner.. I am not aware of any sort of major changes.. And for sure this hangout goes over the different options of doing https proxy.

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                                    1 Reply Last reply Reply Quote 1
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.