Note: This guide sets up the blocking page on a local webserver. For HTTPS this has a limitation: the hostname the client asked for (the blocked domain, for example malicious.com) will not match any name on the certificate of the local webserver, which can only carry a certificate for its own sinkhole name. Clients therefore run into certificate validation errors before they ever see the blocking page. Plain HTTP requests are not affected.
When a client makes an HTTPS request, it is the client that validates the server's certificate: the name it requested (sent as the SNI and Host name) must match the certificate's subject or subject alternative names, and the certificate must chain to a CA the client trusts. Because your DNS server points the blocked domain at the local webserver, the browser receives a certificate for the sinkhole host instead and shows a warning (for sites that use HSTS the browser refuses the connection outright, with no option to continue); automated clients such as updaters and API calls simply fail.
A proxy server can hide this only if it terminates the client's TLS session with a certificate issued for the requested domain by a CA the clients already trust (in practice an internal CA rolled out to managed devices, as used for TLS inspection), and then opens its own TLS connection to the local webserver.
In that second connection the proxy requests the sinkhole name, so it matches the certificate of the local webserver and the client never sees the mismatch.
Setting up a blocking page using a local webserver
- Create a local webpage using your desired webserver.
- You can use the HTML template provided by Secutec, found in the attachments at the bottom of the page.
- Go to the DNS Manager and create a new Forward Lookup Zone (right click, New Zone...).
- Go through the wizard: it should be a Primary zone, stored in Active Directory and replicated to the other existing DNS servers in the domain.
- Leave the remaining settings at their defaults, click Next twice, enter sinkhole.securedns.eu as the zone name and click Next until the zone is created.
- In the newly created zone, right click and choose New Host (A or AAAA).
- Make an A record for each of the following subdomains, each pointing to the IP address of the local webserver that hosts the blocking page:
  spam, phishing, malware, apt, blacklist, botnet, certs, new, scam, tests
- The DNS server should now resolve all sinkhole domains locally to the blocking page.
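The same zone and records can be created with the DnsServer PowerShell module instead of clicking through the wizard for every subdomain. The script below is an added example, not part of the original guide or Secutec's template: it is run on a domain DNS server, and the blocking-page address ($BlockPageIp), the 5-minute TTL and the idempotency checks are assumptions you should adjust to your environment.

```powershell
#Requires -Modules DnsServer
# Added example (not from the original page): create the sinkhole zone and one A record
# per subdomain with the DnsServer module. Run on a domain DNS server with DNS admin rights.

$ZoneName    = 'sinkhole.securedns.eu'
$BlockPageIp = '10.0.0.50'   # assumption: IP of the local webserver hosting the blocking page

# Subdomain list from the guide
$Subdomains = @('spam','phishing','malware','apt','blacklist','botnet','certs','new','scam','tests')

# 1. Create the zone as a primary, AD-integrated zone replicated to all DNS servers in the
#    domain (the wizard's default), but only if it does not exist yet so the script is re-runnable.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain'
    Write-Host "Created zone $ZoneName"
}

# 2. One A record per subdomain pointing at the blocking page. Existing records are left
#    alone (and reported if they point elsewhere) so a re-run never adds a second A record
#    with a different address. The short TTL is an assumption: it lets a move of the
#    blocking page take effect quickly on clients.
foreach ($label in $Subdomains) {
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $label -RRType 'A' -ErrorAction SilentlyContinue
    if ($existing) {
        $current = @($existing.RecordData.IPv4Address | ForEach-Object { $_.ToString() })
        if ($current -notcontains $BlockPageIp) {
            Write-Warning "$label.$ZoneName already points to $($current -join ',') instead of $BlockPageIp; fix it manually"
        }
        continue
    }
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $label -IPv4Address $BlockPageIp -TimeToLive (New-TimeSpan -Minutes 5)
    Write-Host "Added $label.$ZoneName -> $BlockPageIp"
}

# 3. Verify on this server that every sinkhole name now resolves to the blocking page.
#    -DnsOnly bypasses the hosts file and cache so the answer comes from the zone itself.
foreach ($label in $Subdomains) {
    $fqdn   = "$label.$ZoneName"
    $answer = Resolve-DnsName -Name $fqdn -Type A -Server '127.0.0.1' -DnsOnly -ErrorAction SilentlyContinue
    $ips    = @($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($ips -contains $BlockPageIp) { "OK   $fqdn -> $($ips -join ',')" }
    else                             { "FAIL $fqdn -> $($ips -join ',')" }
}
```

Run it once per domain; because the zone is AD-integrated the records replicate to the other DNS servers on their own, but step 3 only checks the server you ran it on, so repeat the Resolve-DnsName check against each of the others.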
Redirecting all paths to the landing page
If the blocked URL contains a path, for example "https://malicious.com/123" (which the sinkhole turns into "https://malware.sinkhole.secure-dns.eu/123"), the webserver will return a 404 error by default, because the request reaching it is for "https://<YourServer>/123" and that page does not exist. To make sure the blocking page is displayed for every path, configure URL rewriting on your webserver so that all requests are served by your index.html.
Example on Apache2
In the Apache configuration for your website, found in sites-available (for example /etc/apache2/sites-available/000-default.conf), add the following Directory block, making sure AllowOverride is set to All. The mod_rewrite module must also be enabled (on Debian/Ubuntu: a2enmod rewrite), otherwise the .htaccess directives below cause a 500 error.
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
This allows the .htaccess file in the document root to override settings such as URL rewriting. The Indexes option is not needed for a single-page blocking site; drop it (Options FollowSymLinks) if you do not want directory listings to be served.
Next, create a file ".htaccess" in your website directory (for example /var/www/html), and paste the following configuration:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /index.html [L]
This rule rewrites every request to index.html internally (there is no [R] flag, so no HTTP redirect is sent and the browser keeps the blocked URL in its address bar), while leaving requests for existing files (!-f) and directories (!-d) untouched so that the template's stylesheets and images are still served. A request for "/123" therefore returns the blocking page with status 200.
Finally, restart Apache:
sudo systemctl restart apache2
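To check the end result from a client that uses the sinkhole DNS server, the following added example (not part of the original guide) does three things: resolves a blocked domain, performs a TLS handshake with the original hostname and reports the certificate validation errors described in the Note at the top of the page, and requests several paths to confirm the rewrite rule serves the blocking page for all of them. The blocked domain, sinkhole address and the marker text expected in index.html are assumptions; step 3 needs PowerShell 7 or later for -SkipCertificateCheck and -SkipHttpErrorCheck.

```powershell
# Added example (not from the original page): verify sinkholing from a client's point of view.
$Blocked     = 'malicious.com'                   # assumption: a domain your DNS server sinkholes
$SinkholeIp  = '10.0.0.50'                       # assumption: IP of the blocking-page webserver
$IndexMarker = 'This website has been blocked'   # assumption: text that only your index.html contains

# 1. Resolution: the blocked name must come back as the sinkhole address (directly or via a
#    CNAME to one of the sinkhole subdomains). -DnsOnly skips the hosts file and local cache.
$answers = Resolve-DnsName -Name $Blocked -Type A -DnsOnly -ErrorAction SilentlyContinue
$ips     = @($answers | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
$state   = if ($ips -contains $SinkholeIp) { 'sinkholed' } else { 'NOT sinkholed' }
"Resolution : $Blocked -> $($ips -join ', ') ($state)"

# 2. TLS handshake with the ORIGINAL hostname, exactly as a browser does. The validation
#    callback records why the certificate was rejected instead of aborting the handshake,
#    so the name mismatch from the Note becomes visible.
$script:policyErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:policyErrors = $errors
    return $true   # accept anyway; this script only observes the errors
}
$tcp = New-Object System.Net.Sockets.TcpClient($Blocked, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($Blocked)   # SNI = malicious.com; cert is checked against that name
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "Certificate: $($cert.Subject)"
    "TLS errors : $script:policyErrors"
    # Expected on a sinkholed domain: RemoteCertificateNameMismatch (the certificate carries the
    # sinkhole name, not $Blocked), plus RemoteCertificateChainErrors if it is self-signed or
    # issued by a CA this client does not trust. 'None' means the name is not sinkholed at all.
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 3. Every path must land on index.html with status 200. Certificate checks are skipped here
#    because of the mismatch shown in step 2; -SkipHttpErrorCheck returns 404s as objects
#    instead of throwing, so a missing rewrite rule shows up as FAIL rather than an exception.
foreach ($path in '/', '/123', '/login/reset?token=abc', '/a/b/c.php') {
    $url  = "https://$Blocked$path"
    $resp = Invoke-WebRequest -Uri $url -SkipCertificateCheck -SkipHttpErrorCheck -ErrorAction SilentlyContinue
    $ok   = $resp -and $resp.StatusCode -eq 200 -and $resp.Content -like "*$IndexMarker*"
    "{0,-5} {1} {2}" -f $(if ($ok) { 'OK' } else { 'FAIL' }), $(if ($resp) { $resp.StatusCode } else { '---' }), $url
}
```

If step 2 reports only RemoteCertificateNameMismatch, clients trust the webserver's CA and the remaining warning is the inherent one from the Note; if RemoteCertificateChainErrors is also present, the blocking page uses a certificate clients do not trust at all, which is a separate problem you can fix on the webserver.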
Download HTML Template