3.8 Customizing the block page

When a request is blocked for some reason then a block page is displayed that –by default– looks as follows (the actual blocking reason message may differ):


This page can be completely replaced using a custom block page.

Replacing the default block page

To replace the default block page create a HTML file with the custom content according to the following:

Operating system


Default path



Windows or Windows Server

<Installation folder>\data\block_page.html

C:\Program Files\Metadefender ICAP Server\data\block_page.html

Local Service


Linux (RHEL / CentOS / Debian / Ubuntu)

<Data folder>block_page.html



r-- (400)

The default block page is not represented as a file in the file system. If the above file exists, then the default block page is overridden.

ICAP Server block messages

To display ICAP Server block messages in the custom page include the following token at the desired position in the page:


This token will be replaced by the appropriate ICAP Server block message.

Additional placeholders

For custom block pages several additional placeholder tokens are also supported.

Not in the default block page

The placeholder tokens below are not used in the default block page, but are available for a custom block page.





URL parsed from the original HTTP request.



Address of the client from whom the request originated.



Name of the server the ICAP Server is running on.



Arrival of the request to the ICAP Server.



Filenames which are blocked.

Present only if some violations were found, otherwise replaced by empty string.


Media types for blocked files.


Violations for blocked files.


The first violation for the blocked file.


The following example is the source code of a simple custom page that displays the ICAP Server messages only with no formatting at all:

<!doctype html>

It renders a very simple page that looks like this:


Default block page source code

The default lock page's source code can be reused to create a customized one.

Default block page source code
<!doctype html>
<html lang="en">
<title>MetaDefender ICAP server - File blocked</title>
<link href="https://fonts.googleapis.com/css?family=Roboto:400,500" rel="stylesheet">
html, body { margin: 0; font-size: 14px; position: relative; height: 100%; background-color: #F9F9F8; color: #273238; font-family: 'Roboto', sans-serif; }
a { color: inherit; }
a:hover { color: inherit; }
hr { margin: 0; border: 0; border-top: 1px solid #EFEFED; }
.box { margin: 30px; width: 678px; padding: 30px; background-color: #FFFFFF; border: 1px solid #EFEFED; box-shadow: 0 0 20px 0 #EFEFED; }
.box .title { margin-top: 0; color: #2672FB; font-weight: 500; }
.box .message { margin: 30px 0; }
.box .metascan { margin-top: 30px; font-size: 80%; color: #5F6C88; }
#container { display: flex; justify-content: center; align-items: center; height: 100%; }
<meta charset="UTF-8">
<div id="container">
<div class="box">
<h1 class="title">File blocked</h1>
<p class="message">%%%icap_block_message%%%</p>
<div class="metascan">Your administrator is using OPSWAT’s <a href="https://www.opswat.com/products/metadefender" target="_blank">MetaDefender Core technology</a> to scan downloads with multiple anti-malware engines. See additional ways MetaDefender Core can be used by trying the <a href="https://www.opswat.com/products/metadefender/client" target="_blank">MetaDefender Client</a> demo for scanning endpoint processes and files or the <a href="https://metadefender.opswat.com/" target="_blank">metadefender.opswat.com</a> file scanning service.</div>