Forum Discussion
Sam_Pickles_110
Nimbostratus
May 04, 2010
Custom blocking page - formatting and mailto: link
Hi all;
If anyone is playing around with custom formatting for response pages, one approach I've used recently with success is to take a page from the back-end application, right click and view source, then copy this into notepad and remove most of the page body; leaving just the banners, formatting, menus, page layout etc. It's OK for this page to contain references to external objects such as CSS unless you are using IP address enforcer, in which case the page may not display properly.
Then in the middle of the page, insert something like the text at the end of this post. This HTML gives the user a mailto link, in the event that the user is trying to do something legitimate, and they wish to raise the issue with security. The email which opens contains the support ID as a subject line, which makes it easy for the security team to investigate the reason for blocking. This is helpful in the case of a legitimate user who is doing something which contravenes security policy, but without malicious intent.
If anyone would like a sample page for the Auction site or Hacme bank, please mail me and I'll fire it across (can't attach to this post sorry - file type disallowed).
Hope this is useful;
regards, Sam
Your request is invalid. Please try again or click below to contact security administrators.
- hoolio
Cirrostratus
Hi Sam,
- Sam_Pickles_110
Nimbostratus
- Sam_Pickles_110
Nimbostratus
OK, the mailto link seems to have displayed correctly by enclosing in a code block above. I wasn't able to upload .txt, .html or .zip file types, and uploading a file with no extension doesn't seem to open properly when you try to download it (the file attached to this post is a .zip, if you manage to download and rename it).
- Sam_Pickles_110
Nimbostratus
PHPAUCTION
Search
Browse
Art & Antiques Books Clothing & Accessories Coins & Stamps Collectibles Comics, Cards & Science Fiction Computers & Software Electronics & Photography Gemstones & Jewelry Home & Garden Movies & Video Music Office & Business Other Goods & Services Sports & Recreation Toys & Games Video Games All categories
Apr.27 2009, 20:52:27
38 REGISTERED USERS
622 AUCTIONS
Invalid Request
Your request is invalid. Please try again or click below to contact security administrators.
Copyright 2000-2002, PHPAUCTION.ORG
If you are interested in obtaining a CD of this application, please contact your local F5 sales representative.
This web application is based on a modified version of phpauction (phpauction.org). This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2 or later).
www.f5.com | The Leader in Application Traffic Management
Ensuring secure and optimized application delivery for global enterprises
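A minimal response page along the lines the original post describes, added here as an illustration and not the code posted in the thread. It assumes a BIG-IP ASM response page, where `<%TS.request.ID()%>` is the placeholder ASM replaces with the support ID; `security@example.com`, the banner text and the styles are placeholders.

```html
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>Invalid Request</title>
  <!-- Styles are inlined so the page does not depend on external objects,
       which the post notes may not display when IP address enforcer is used. -->
  <style>
    body { font-family: Arial, sans-serif; margin: 0; }
    .banner { background: #003366; color: #fff; padding: 12px 20px; }
    .notice { margin: 40px auto; max-width: 600px; }
    .support-id { font-family: monospace; }
  </style>
</head>
<body>
  <!-- The banner, menus and layout kept from the back-end application's
       page source go here (placeholder banner shown). -->
  <div class="banner">Application name (placeholder)</div>

  <div class="notice">
    <h2>Invalid Request</h2>
    <p>Your request is invalid. Please try again or click below to contact
       security administrators.</p>

    <!-- The TS.request.ID token in the href is substituted with the support
         ID of the blocked request (assumed ASM placeholder syntax).
         security@example.com is a placeholder address.
         Spaces in the subject are written as %20 so mail clients parse it. -->
    <p>
      <a href="mailto:security@example.com?subject=Blocked%20request%20-%20support%20ID%20<%TS.request.ID()%>">
        Contact security administrators
      </a>
    </p>

    <!-- The ID is also shown in the page body for users whose browser has
         no mail client configured for mailto: links. -->
    <p>Support ID: <span class="support-id"><%TS.request.ID()%></span></p>
  </div>
</body>
</html>
```

The page contains only static text and the support ID, so nothing from the blocked request itself is echoed back to the client.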