Custom block page isn’t working
There are various reasons a custom block page may not be working. Some of the common reasons are reviewed in this article.
Troubleshooting different scenarios:
- Is this a Web policy block page?
To ensure the functionality of a web policy block, HTTPS inspection must be enabled in the ruleset.
- Is the custom block page linked to the correct policy?
After creating your custom block page, ensure it is linked to the correct policy, you will need to expand your policy and click on Edit under "Umbrella Default Block Page Applied", select "Use a Custom Appearance" and choose your custom block page form the drop down menu:
- Is Org ID =0 and Origin ID=30829397 in Diagnostic Info?
This issue often occurs due to upstream blocking of Umbrella block page IPs "22.214.171.124/16" or, DoH is enabled on browser settings. If you're using Meraki MX and content filtering is enabled, you might want to contemplate disabling content filtering in your Meraki dashboard and incorporating Umbrella block page IPs "126.96.36.199/16" into your allow/exclusion list similar to the screenshot here:
Bypass Code/User isn't working
There are various reasons why a bypass code or user is not working properly, or you are receiving different error messages.
Troubleshooting Different Scenarios:
- You are receiving "The bypass Code you entered could not be found” error message:
Similar to block page appearance, it is essential to ensure that bypass codes/ users created are appropriately associated with the corresponding policy. If a bypass code or user is connected to a different policy, attempting to use the bypass code or user will result this error message.
- Block page doesn't show Administrative Bypass section for some destinations:
If the block page does not display the Administrative Bypass section for specific destinations, it may be blocked by your Application Block settings. The Bypass Code/User only works for Content Category and Block Destination List block types. To resolve this issue, consider removing the application and adding the domain/content category to this policy.
- You are receiving "The login credentials you entered were invalid" error message:
If Dashboard SSO is enabled, it is expected behavior to receive this error while logged in as a bypass user. Block Page Bypass (BPB) Users no longer bypass block pages or authenticate in any capacity to Umbrella. A BPB user is a user just like any other in Umbrella, but because of the way authentication is handled by SSO, it cannot be used to bypass block pages. Instead, you must use BPB codes.
- You are receiving "The bypass code you entered has expired” error message:
You are encountering this error message for the following reasons:
- The bypass code may have expired if its expiration date has already passed.
- The error may occur if the bypass code expiration is set to a date beyond 03:14:07 UTC on Tuesday, 19 January 2038.
Why the page is not loading correctly when I use the Bypass Code/User
When the user accesses a blocked domain and enters the code to unblock the domain, a cookie will be created on the user device with that domain.
For example: If the user is bypassing for YouTube, cookie gets created for `youtube.com` and only this domain. In this case, the Youtube service requests information from different domains like `youtube-nocookie.com, ytimg.l.google.com, and googlesyndication.com`, which is not allowed for this user policy. This will cause Youtube not to load correctly.
Solution: If you still wish to use the Bypass Code/User, you can add all the domains the page relies on to retrieve this information to the allow list. We have listed the most used service in the below article: Block Page Bypass: Domains to Allow
Block Page Bypass Caveats:
• If the blocked content is something embedded in the page (e.g. Image, Stylesheet, Script) the user won't be able to see the BPB page to enter the code (even though we try to display it).
• BPB codes can be configured to only unblock certain categories or destinations. This can lead to problems where part of the page is unblocked but embedded content is not. If in doubt try to test with a 'bypass everything' code.
• BPB is heavily affected by Content Security Policy on websites which may block our cookies and therefore prevent BPB working for embedded content. The customer may need to whitelist some of these embedded domains to get it working. See Block Page Bypass Domains to Allow.
• BPB bypass events are currently not logged in Umbrella reports.