Gently Blocking HTTPS sites

Scary for Users. Workload for Help Desks.

Users on networks with DNS-based filters who visit blocked HTTPS sites end up being shown a scary broken-certificate warning by the browser. This happens because the block page (hosted by the Cloud DNS provider, such as Rawstream) does not have a valid SSL certificate for the blocked domain. The browser assumes that there is an evil hacker at work trying to intercept access to the domain.

This is alarming for users and generates needless tech support calls to the helpdesk.


NXDomain it instead.

We cannot get around the problem of not having SSL certificates, but we can do something about the scary browser warning page. From today, when a user attempts to access a blocked HTTPS page they will get an NXDOMAIN error instead of being directed to our block page.

NXDOMAIN means the domain does not exist. It is an error that browsers understand, and it does not result in scary alerts being shown.
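To show the difference at the DNS level, here is an added example (not Rawstream's code) that builds both kinds of filter response and classifies them by RCODE and answer address. It assumes the older behaviour answered with the block page's address; the address `192.0.2.10`, the sample domain names and all function names are hypothetical.

```python
import struct

RCODE_NXDOMAIN, TYPE_A = 3, 1
BLOCK_PAGE_IPS = {"192.0.2.10"}  # assumed block-page address (documentation range)

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_response(name, rcode, answer_ip=None, txid=0x1234):
    """Construct a sample DNS response to an A query (constructed test data)."""
    flags = 0x8180 | rcode  # QR, RD, RA set; RCODE in the low 4 bits
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg = header + encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    if answer_ip:
        # 0xC00C: compression pointer to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, TYPE_A, 1, 60, 4)
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def classify(msg, block_page_ips=BLOCK_PAGE_IPS):
    """Label a response: 'nxdomain', 'block-page' or 'resolved'."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if (flags & 0x000F) == RCODE_NXDOMAIN:
        return "nxdomain"
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            if ".".join(map(str, msg[off:off + 4])) in block_page_ips:
                return "block-page"
        off += rdlen
    return "resolved"
```

A "block-page" result for an HTTPS site is the case that produces the certificate warning; "nxdomain" is the response the browser reports as a plain lookup failure.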

This is a small change, but one we hope helps IT admins and improves the experience of end-users.
