Browsing HTTPS Web Pages

Hi.

I have an environment where one TMG 2010 server exists. It's a Windows Server 2008 R2 Enterprise with just one NIC, so I don't have any Publishing rule or Web Listener.
The issue comes when trying to access a site where the protocol is secure (HTTPS) and a block rule is in place for that site/domain. If the protocol is not secure (HTTP), I can see the htm page I've set within "Redirect web client to the following URL:" in the advanced options of the rule.
However, when the blocked protocol is HTTPS, I don't see the html page I've set but "This page can't be displayed. Make sure the web address https://www.youtube.com is correct." if using Internet Explorer, although the TMG blocking rule is accurate. So I can see the rule is properly acting for blocking, but not for displaying the URL/HTML I want.

Is there a way for handling HTTPS blocked connections with a custom error page (html)?

Thanks in ad

March 13th, 2015 11:25am

Hi,

Please check the blog below.

Quote:

The good answer: That's not a bug, it's by design. The IE product group made a design decision not to render error pages as discussed in the below article:

Internet Explorer 8 has a feature that ensures that the secure connection is made all the way to the target server. If it isn't, then no page is displayed.

And the reason why this decision was made:

since a page from the proxy is never processed, it would not gain access to cookies belonging to the target domain that the user was trying to connect to.

TMG Custom Error Pages are not displayed with IE 8/9 for HTTPS Sites

Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Best Regards,

Joyce

March 16th, 2015 10:34pm
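The difference described in the quoted blog text, as an added example that is not part of the original thread and is not TMG code: a local stand-in proxy denies both request types, showing that for HTTP the proxy answers the request itself, while for HTTPS its block page can only arrive as the reply to `CONNECT`, before any TLS session with the target exists. The block page, the redirect URL, all function names and the `browser_outcome` model are assumptions made for illustration.

```python
import socket, threading

BLOCK_PAGE = b"<html><body>Blocked by policy</body></html>"  # constructed sample
BLOCK_URL = b"http://proxy.example/blocked.htm"  # hypothetical redirect target

def handle(conn):  # deny every request, as a block rule would
    with conn:
        method = conn.recv(4096).split(b" ", 1)[0]
        if method == b"CONNECT":
            # HTTPS: only a tunnel was requested; no TLS yet, so this reply is the proxy's own.
            reply = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n"
                     b"Content-Length: %d\r\nConnection: close\r\n\r\n%s"
                     % (len(BLOCK_PAGE), BLOCK_PAGE))
        else:
            # HTTP: the proxy answers the request itself, so a redirect works.
            reply = (b"HTTP/1.1 302 Found\r\nLocation: %s\r\n"
                     b"Content-Length: 0\r\nConnection: close\r\n\r\n" % BLOCK_URL)
        conn.sendall(reply)

def start_proxy(n):
    srv = socket.create_server(("127.0.0.1", 0))  # any free local port
    def serve():  # answer n connections, then close the listener
        with srv:
            for _ in range(n):
                handle(srv.accept()[0])
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def ask(port, request):
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(request)
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return int(data.split(b" ", 2)[1]), data  # (status code, full raw reply)

def browser_outcome(method, status):
    # Model of the browser-side decision described in the quoted blog text.
    if method != "CONNECT":
        return "reply processed: redirect followed or page rendered"
    if 200 <= status < 300:
        return "tunnel open: TLS handshake with the target starts"
    return "no tunnel: browser shows its own error, proxy body not rendered"

def run_demo():
    port = start_proxy(2)
    s1, _ = ask(port, b"GET http://www.youtube.com/ HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n")
    s2, raw = ask(port, b"CONNECT www.youtube.com:443 HTTP/1.1\r\nHost: www.youtube.com:443\r\n\r\n")
    return {"http": (s1, browser_outcome("GET", s1)),
            "https": (s2, BLOCK_PAGE in raw, browser_outcome("CONNECT", s2))}
```

`run_demo()` shows that the block page does travel over the wire in the HTTPS case; it is the client that declines to render it.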

Hi Joyce.

Thank you for your reply. I understand that such information can be useful for a given browser platform "perhaps". What I don't understand is "why". It doesn't matter if the browser performing the query is IE, Chrome, Firefox, etc.; they all are giving a time-out message while TMG is logging the denied connection several times.

So... the connection passes through TMG at first (which is performing validation for the connection attempt against the rules) among other things like DNS resolution. Why is TMG not redirecting the client the same way and with the same speed as when blocking HTTP sites? It just simply doesn't make sense "for me".

The reference document you're citing talks about security, encryption and rendering. However, it doesn't talk about why it's performing that amount of operations while you have a denied rule in place. It must not wait time. It's blocked, I'll show you a custom error. Period.

Thanks.

March 17th, 2015 9:21am

This topic is archived. No further replies will be accepted.
