Configure a block page
When trying to visit a blocked website, users will see a default browser error page like this one:
This is because Gateway responds to any blocked domain with 0.0.0.0, and does not return the blocked domain's IP address. As a result, the browser cannot take the user to that website.
However, this may be confusing for some people, as they may think that their Internet is not working.
To remove this confusion, you can configure Cloudflare Gateway's block page to explain to the end user why a website is being blocked.
To enable a block page using Gateway's policy engine, you will have to follow a three-step procedure:
- Enable the block page.
- Download the Cloudflare certificate.
- Add the certificate to your system.
1. Enable block page
- Navigate to the Policies tab in the .
- Find the policy for which you would like to set up a block page.
- Click Edit.
- Scroll down to find the Block page card.
- Toggle the Enable switch.
- Click Save.
Enabling block page alone will not work for HTTPS connections. When your users try to visit a blocked website, they will now see the following error:
To fix the browser error, you need to download and add a certificate to your system.
2. Download certificate
- Navigate to the Settings tab on your .
- Click on Account.
- Scroll down to find the Certificates card.
- Click on Download.
You will now need to add the certificate to your system to ensure your web browser will use this certificate to establish HTTPS connections.
3. Add certificate to your system
- If you are on a Mac, double-click on the .pem file.
- The certificate is now listed in the Keychain Access application.
- Double-click on the certificate and then click on Trust.
- Select Always Trust from the drop-down menu for When using this certificate.
- Close the menu.
If your system asks for admin permission, enter your password or use your fingerprint ID to confirm the changes.
If you are not using Firefox, you can skip this section.
Follow the instructions below to finish configuring the block page:
- Enter about:config in the address bar.
- Click on Accept the risk! if you see a prompt from Firefox.