Gently Blocking HTTPS sites
Scary for Users. Workload for Help Desks.
Users on networks with DNS-based filters who try to reach a blocked HTTPS site end up being shown a scary broken-certificate warning by the browser. This happens because the block page (hosted by the Cloud DNS provider, such as Rawstream) does not have a valid SSL certificate for the blocked domain. The browser assumes that there is an evil hacker at work trying to intercept access to the domain.
This is alarming for users and generates needless tech support calls to the helpdesk.
NXDomain it instead.
We cannot get around the problem of not having SSL certificates, but we can do something about the scary browser warning page. From today, when a user attempts to access a blocked HTTPS page they will get an NXDOMAIN error instead of being directed to our block page.
NXDOMAIN means the domain does not exist – an error which browsers understand and which does not result in scary alerts.
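The difference between the two behaviours at the DNS wire level, as an added example (not Rawstream's code): the old reply is a normal answer with an A record for the block page, while the new reply carries RCODE 3 and no answer. The name `blocked.example`, the block-page address `192.0.2.10` and the policy names are constructed for illustration.

```python
import struct

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035)

def read_name(msg, off):
    """Read an uncompressed name at off; return (name, offset after it)."""
    labels = []
    while msg[off]:
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    return ".".join(labels), off + 1

def build_query(name, txid=0x1234):
    """Standard recursive A/IN query for name."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def filter_response(query, blocked, policy, block_page_ip="192.0.2.10"):
    """Build the filter's reply for a blocked name; None means 'forward upstream'."""
    txid, qflags = struct.unpack("!2H", query[:4])
    name, end = read_name(query, 12)
    if name not in blocked:
        return None
    question = query[12:end + 4]         # QNAME + QTYPE + QCLASS, echoed back
    flags = 0x8080 | (qflags & 0x0100)   # QR=1, RA=1, RD copied from the query
    if policy == "nxdomain":             # hypothetical policy name
        return struct.pack("!6H", txid, flags | NXDOMAIN, 1, 0, 0, 0) + question
    # Old behaviour: NOERROR plus one A record pointing at the block page.
    rdata = bytes(int(o) for o in block_page_ip.split("."))
    answer = struct.pack("!3HIH", 0xC00C, 1, 1, 60, 4) + rdata
    return struct.pack("!6H", txid, flags, 1, 1, 0, 0) + question + answer

def classify(response):
    """Return ('nxdomain', None), ('empty', None) or ('address', ip)."""
    flags, _qd, ancount = struct.unpack("!3H", response[2:8])
    if flags & 0x000F == NXDOMAIN:
        return ("nxdomain", None)
    off = read_name(response, 12)[1] + 4  # skip question name, QTYPE, QCLASS
    if ancount == 0:
        return ("empty", None)
    if response[off] & 0xC0 == 0xC0:
        off += 2                          # compressed owner name (pointer)
    else:
        off = read_name(response, off)[1]
    rdlen = struct.unpack("!H", response[off + 8:off + 10])[0]
    return ("address", ".".join(str(b) for b in response[off + 10:off + 10 + rdlen]))
```

A helpdesk check can use `classify` on a captured reply: `('address', <block page IP>)` is the case that leads to the certificate warning, `('nxdomain', None)` is the case that does not.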
This is a small change, but one we hope helps IT admins and improves the experience of end-users.