How do I configure block notifications?

The Zscaler service displays a notification page to users whenever it blocks access to certain sites, files, or Internet applications. Additionally, the service displays a notification when it blocks access to a site due to a bad certificate (that is, if the certificate issuer is unknown, if the certificate has expired, or if the Common Name in the certificate does not match). For example, if a user browses to a site that is in a URL category that was blocked, the service blocks access to the site and displays a block notification similar to the one below.

The service displays the block notification any time there is a policy violation. For example, if a user attempts to upload or download an infected file attachment, the service blocks the file and displays a notification in the user’s browser stating that a virus-infected file was blocked. Similarly, if a user exceeds a daily quota for how much time he or she can browse social networking sites (as set by an administrator), the attempt to log onto one of their servers is blocked and the service displays a page in the user’s browser stating that access has been denied because the daily quota was reached.

The service provides a default notification which you can customize, or you can redirect users to an external site that hosts the notification page.

To configure the block notification page:

  1. Go to Administration > Resources > End User Notifications.
  2. In the Configure Notifications section, choose Default to display the system-generated message or choose Custom to redirect to an external site. See image.
    • If you choose the Default notification message, do any of the following:
    • Display Reason: Enable this to display why access to a site, file, or application was blocked or restricted in the end user notifications. This setting will affect the caution and block notifications.
    • Display Company Name: Enable this to display the name of your organization in the end user notifications. This setting will affect the caution and block notifications.
    • Display Company Logo: Enable to display the logo of your organization in the end user notification. You can upload your company logo on the Company Profile page. This setting will affect the caution and block notifications.
    • Optionally, enter text to customize the Notification Message. This message appears when the service blocks access due to your organization's policies. Any changes in this field affects the URL Categorization Notifications, Security Violation Notifications, and Web DLP Violation Notifications at the same time.
    • NOTE: If you choose to disable these settings, the changes will not be reflected in the previews of the templates, but the changes will be seen by your users after you save them.
    • If you choose Custom, enter the Redirect URL that hosts the notification. See the Redirection Guidelines.

configure notifications

configure notifications

Redirection guidelines

When the user's browser is redirected, the URL includes query parameters, which administrators can use to customize the page that is served or for logging purposes. During the redirection, all query parameters are sent to the external site. For Web DLP Violation policy requests, the query parameters enable the administrator to find the Web Post DLP transaction. These query parameters are:

  • action: Specifies the action that triggered the redirect.
  • cat: Specifies the URL category of the URL (if available).
  • kind: Specifies the policy that triggered the URL redirection. See a list of possible values for kind and their mapping to policies.
  • reason: Specifies the string that contains additional information about the URL.
  • reasoncode: Specifies the reason that this notification or redirect triggered. See a list of possible values for reasoncode and their explanation.
  • referer: Specifies the referer URL in URL-encoded format.
  • rule: Specifies the internal rule-id that triggered the block (if available).
  • timebound: Specifies whether this notification or redirect is triggered by a policy that includes time interval as a criteria.
  • url: Specifies the original URL that caused this redirect or notification.
  • user: Specifies the user-id (the login name) of the user (if available).
  • zsq: This parameter is used by the Zscaler service.

Kind to Policy

Kind to policy
Kind
Policy
access
Malware Protection Policy (Security Exceptions)
antivirus
Malware Protection Policy
bandwidth_control
Bandwidth Control Policy
blocked_ftp_access
FTP Control Policy
category
URL Filtering Policy
data_leakage
DLP Policy
file_type
File Type Policy
p2p
Advanced Threat Protection Policy
social_networking
Cloud App Control Policy (Social Networking & Blogging)
social_networking_upload
Cloud App Control Policy (Social Networking & Blogging > Posting)
streamed_media
Cloud App Control Policy (Streaming Media & File Sharing)
streamed_media_upload
Cloud App Control Policy (Streaming Media & File Sharing > Uploading)
wac
Browser Control
webim
Cloud App Control Policy (Instant Messaging)
webim_attachment
Cloud App Control Policy (Instant Messaging > File Transfers)
webmail
Cloud App Control Policy (Webmail >Vewing Mail)
webmail_attachment
Cloud App Control Policy (Webmail > Sending Attachments)
webmail_data_leakage
DLP Policy
webmail_quota
Cloud App Control Policy (Webmail > Time Quota)   

Reasoncode to Explanation

Reasoncode
Explanation
DENIED              
Denied access
CATEGORY_DENIED
Not allowed to browse this category
BEYOND_TQUOTA
Time quota exceeded daily limit
BEYOND_SQUOTA
Volume quota exceeded daily limit
BEYOND_INTERVAL
Not allowed during this time of day
AV_SIZE_BLOCK
Not allowed to upload/download files of size greater than configured limit
AV_TYPE_BLOCK
Not allowed to upload/download files of this type
AV_BROWSER_TYPE_BLOCK
Not allowed to use this browser
AV_ENCRYPTED_BLOCK
Not allowed to upload/download encrypted or password-protected archive files
AV_UNSCANNABLE_BLOCK
Not allowed to upload/download unscannable file formats
BLACKLISTED
Not allowed because URL is blacklisted
UNCATEGORIZED
Not allowed because URL is uncategorized
SN_WEBUSE_DENIED
Not allowed the use of this Social Network / Blogging site
SN_POSTING_DENIED
Not allowed to post message to this site
STM_VIEW_LISTEN_DENIED
Not allowed to use this Streaming Media/File Share site
STM_UPLOAD_DENIED
Not allowed to upload media files to this site
STM_TYPE_BLOCK
Not allowed to upload/download media files of this type
WM_WEBUSE_DENIED
Not allowed to use this Webmail site
WM_ATTACH_DENIED
File Attachment not allowed
TIME_BOUND_BLOCK
Time bound block
AV_AUTHENTIUM_VIRUS_SW_MW_BLOCK
Malicious file Blocked
DLP_DENIED
Violates Compliance Category
AT_REQ_MALWARE_DENIED
Not allowed to browse this Malicious URL
AT_REQ_PHISHING_DENIED
Not allowed to browse this Phishing site
AT_REQ_BOTNETS_DENIED
Not allowed to browse this Botnet site
BWCTL_SESSION_DENIED
Maximum sessions reached for this Bandwidth class
AT_RES_ACTIVEXBLOCK_DENIED
Not allowed because this page contains known dangerous ActiveX controls
AT_REQ_XSSATTPATT_DENIED
Block site vulnerable to XSS attacks
AT_REQ_COOKIESTEAL_DENIED
Possible browser cookie theft
AT_REQ_IRC_TUNNELING_DENIED
IRC use/tunnelling not allowed (request)
AT_REQ_ANONYMIZER_DENIED
Use of anonymizing sites is not allowed (request)
AT_REQ_BOTNET_CNC_DENIED
Detected possible botnet command and control traffic
WAC_DENIED
Secure Browsing blocked an outdated/disallowed component
WAC_WARNED
Secure Browsing warned about an outdated/disallowed component
AT_P2P_DENIED
Not allowed to browse this P2P site
AT_COUNTRY_DENIED
Not allowed to access sites in country
AT_RES_WRI_DENIED
This page is unsafe (high PageRisk index)
AT_RES_BROWSER_EXPLOIT_DENIED
Not allowed because this page contains known browser exploits (response)
FILETYPE_DENIED
Not allowed to access this file type
FTP_DENIED
Not allowed to access to FTP sites
RATE_LIMITING_DENIED
Rate limiting done
CLOSED_PROXY_DENIED
Denied due to closed proxy
AT_UNKUA_DENIED
Not allowed to browse with unknown useragent
IM_WEBUSE_DENIED
Not allowed to use this IM site
AT_RES_IRC_TUNNELING_DENIED
IRC use/tunnelling not allowed (response)
AT_RES_ANONYMIZER_DENIED
Use of anonymizing sites is not allowed (response)
AT_RES_BOTNET_CNC_DENIED
Detected possible botnet command and control traffic
AT_RES_MALWARE_DENIED
Destination contains potentially malicious content (response)
AT_RES_PHISHING_DENIED
Destination contains potential phishing content
AT_REQ_ADSPYWARE_DENIED
Detected possible adware/spyware traffic (request)
AT_RES_ADSPYWARE_DENIED
Detected possible adware/spyware traffic (response)
AT_REQ_WEBSPAM_DENIED
Not allowed to browse this webspam site
AT_RES_WEBSPAM_DENIED
Detected possible webspam traffic
METHOD_DENIED
Request method not allowed for this category
CATEGORY_DENIED_OVERRIDE
Not allowed to browse this category, needs override
DLP_DENIED_ARCHIVED
Violates Compliance Category, archived to mailbox
DLP_DENIED_ARCHIVE_FAILED
Violates Compliance Category, archive to mailbox failed
WM_SMAIL_DENIED
Not allowed to send webmail
MAPP_DENIED
Not allowed to use mobile App
AT_REQ_BROWSER_EXPLOIT_DENIED
Not allowed because this page contains known browser exploits (request)
BUP_WEBUSE_DENIED
Not allowed the use of this business site
ESC_WEBUSE_DENIED
Not allowed the use of this enterprise site
MAPPSTORE_WEBUSE_DENIED
Not allowed the use of this Mobile App Store
MAPP_INSECURE_COMMUNICATION_DENIED
Mobile App: insecure user credentials
MAPP_GEO_LOCATION_DENIED
Mobile App: location information leak
MAPP_PII_DENIED
Mobile App: personally identifiable information (PII)
MAPP_DEVICE_INFORMATION_DENIED
Mobile App: information identifying the device
MAPP_ADWARE_DENIED
Mobile App: communication with ad sites
MAPP_3RD_PARTY_COMMUNICATION_DENIED
Mobile App: communication with unknown servers
MAPP_MALWARE_DENIED
Mobile App: malicious behavior
MAPP_VULNERABLE_DENIED
Mobile App: known security vulnerabilities
CONS_WEBUSE_DENIED
Not allowed the use of this consumer site
DEV_WEBUSE_DENIED
Not allowed the use of this system and development site
SMKT_WEBUSE_DENIED
Not allowed the use of this sales and marketing site
OFW_WEBAPP_DENIED
Web application is blocked by Firewall rule"
OFW_FTP_DENIED
FTP access is blocked by a firewall policy
HTTP_CONNECT_DENIED
Not allowed to use HTTP tunnel
AT_BA_QUARANTINED
Quarantined
AT_TUNNEL_DENIED
Not allowed to use tunnels
SERVER_ACCESS_DENIED
Access denied due to bad server certificate
FAKE_PROXY_AUTH_DENIED
Fake Proxy Authentication
CASB_WEBUSE_DENIED
Not allowed the use of this site with personal credentials

  1. Each block notification ( URL Categorization Notifications, Security Violation Notifications, and Web DLP Violation Notifications) has its own individual Notification Text field where you enter text for each notification separately. Any text entered in a block notification's Notification Text field appears that notification alone. See image.

block notifications

block notifications

Any custom text you enter in the Notification Text and Notification Message fields appears in the block notifications as seen below.

Note that you cannot change the other text in the block notifications because it is generated when users are blocked because of policy violations. However, you can customize the appearance of the text or hide it with CSS styles.

To learn how to use this field to customize the appearance of the block notifications with CSS styles, click here.

  1. The IT Support section provides information on how users can seek additional information about why access to pages, files or web applications was restricted. You can provide an email address or phone number for a contact who can explain your company's use of the Zscaler service to protect your network, or a URL pointing to a page you created on your company intranet that describes your current policy about using corporate network and Internet resource. This information appears on the notification page.
  2. Click Preview Template(s) to see what the block notification will look like after any changes. You can preview the notification as many times as you want.
  3. Click Save and activate the change or proceed to configure the URL categorization notification or caution notification.

Click below to learn about other notifications you can configure in the admin portal.