Redirect to a Custom Block Page

If you wish to use a custom block page, you can redirect to your own website instead. For example, you can redirect to your website's acceptable use policy.


Incompatibility with Block Page Bypass

Policies that use the Block Page Bypass feature cannot be used with a redirected block page. If configured this way, the Umbrella Default Appearance will be used instead.



  1. Navigate to Policies > Policy Components > Block Page Appearance and click the setting you want to edit.
  1. Select Redirect Users to this URL, then specify your URL.
  1. Click Save.

If your custom page is encrypted, you should include https:// before the rest of the URL. Otherwise, the protocol can be omitted.


Your custom website can be configured however you want. To get started, see our sample block pages in our public repository, SampleBlockPages. We have provided samples using ASPX in C#, HTML and Javascript, and PHP. When a block page is triggered, Umbrella appends the following HTTP query parameters.

  • client_ip—The external IP address of the client that made the request.
  • url—The requested domain in ROT13 and percent-encoded. Encoding ensures pass-through to internal resources in environments where other firewalls or filtering is employed.
  • type—The type of block that triggered the redirect. Types include:
    • security—Domain blocked due to security settings.
    • aup—Domain blocked due to content settings.
    • domainlist—Domain blocked due to a destination list.
    • phish—Domain blocked due to being involved in a phishing attack.
  • cats—When the block type is aup (content settings), the matching categories for the domain are listed in a percent-encoded JSON object. For example, if the requested domain is found in the Chat and Instant Messaging categories, the following is sent:
    • Original JSON object: ["Chat","Instant Messaging"]
    • Encoded JSON object: %5B"Chat"%2C"Instant+Messaging"%5D

You can use these HTTP query parameters to further customize your block page experience. For example, presenting a different message for each block type. Here is a snippet from the HTML sample page:

// Phishing Domains
        case "phish":
            $("#message").text("is believed to be involved in a phishing attack.");

You can replace the message text here. For example, you could include a link to your company's acceptable use policy.

Upload a Custom Logo < Redirect to a Custom Block Page > Block Page IP Addresses