How to block https://facebook.com
-
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.
where is the options ?
tks! -
You need to configure it both in the proxy (remove the transparent option) and in the browser's own proxy settings (and optionally in DNS). You'll also need to have a web server host the WPAD file - Wikipedia has more.
-
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.
Is there any easier way? If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc.The easiest way (which would also work with the base pfsense install, i.e. no 3rd party packages like squid) would be to define an alias with Facebook's IP ranges in CIDR format (easily found online, or you can create the list yourself using whois etc), and create a block rule for that.
Another easy way would be to "blackhole" facebook.com using pfsense's DNS forwarder to create a DNS override to some "other" IP (this only works as long as people can't manually configure their devices to use a 3rd party DNS - so you may have to block 3rd party DNS servers)
Finally you can do "generic" URL filtering e.g. with squid/squidguard but to catch https would require you to configure them via WPAD/PAC to use your proxy, as explained by others.
-
The easiest way (which would also work with the base pfsense install, i.e. no 3rd party packages like squid) would be to define an alias with Facebook's IP ranges in CIDR format (easily found online, or you can create the list yourself using whois etc), and create a block rule for that.
I already try with below IP, but floating o lan rule don't work !
-
no idea?
-
A single rule on lan denying access to your alias should work.
Also include apps.facebook.com name on your alias.
To use wpad/pac, follow this tutorial skiping active directory configuration
http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html
-
I'm using the recent version 2.0.1
how do i block facebook in that version?
-
Create a firewall alias with facebook hostnames and/or ip ranges and then apply it on a firewall -> rule on lan interface.
-
here is screenshot of by Fbook aliases works fine
and rule on LAN
-
Hai all, blocking https://www.facebook.com is working for me, but how to block only http://apps.facebook.com & https://apps.facebook.com without blocking normal facebook.com ? :)
-
You can try with a proxy server instead of firewall rules but I'm not sure if you can block apps.facebook without blocking facebook at all.
-
Create a firewall alias with facebook hostnames and/or ip ranges and then apply it on a firewall -> rule on lan interface.
Hi,
I tried the same in transperent proxy but it is not working for https.thanks in advance
-
here is screenshot of by Fbook aliases works fine
and rule on LANHi, I tried the same but it is nor working in transperent proxy.
any help.. -
transparent + https isn't going to work. firewall rules with alias and https will do the work
-
IF you want my advice.. I use Squid with Squid Guard to block Facebook and other social media websites. But i understand it can get complicated. A really easy solution is to use opendns.com which is truely amazing with the amount of protection you can get for your network.
-
Here is a small contribution from meioloco on brazilian forum with facebook networks.
http://forum.pfsense.org/index.php/topic,51815.msg280137.html#msg280137
-
well guys can you help me please make it work this https://www.facebook.com? cause I cant figure out how to make it work using pfsense 2.03 using last stable squid package, squidguard and lightsquid, my wan and lan and cisco router are on the same range , Cisco does the nat , but also the pfsense has its default nat enabled rules, also I didn't make any firewall rules besides the default automatic ones which allow any lan traffic, wan has no firewall rule, cisco is the gateway for wan interface, and the wan interface is the gateway for the lan interface, also there no static routes in place. . Google https works, my company https works, some other https sites work, but facebook wont work although its allowed on acl list
Please help I am a newbie.
when I don't use proxy the facebook page is oki -
This is what I did to block Facebook.com along with squid-guard. But on the other-hand users can still use ultra-surf or change their dns to either google or any other one and access that stupid site! >:(
with DNS forwarder enabled! but remember blocking (check the img) this way blocks everyone on the LAN!
successfully working! ;)
