Best way block facebook on https (port 443)

asankaj2006 · Jul 23, 2012, 6:11 PM

I have implemented squid server and squid filter successfully on pfsense 2.0.1.
One of the intentions behind implementation of squid proxy is to block facebook.
I manage to block facebook that is running with (http) port 80, but its possible access facebook using (https) port 443 .
Can some please advise me best possible way to block facebook on hhtps.

Cheers
Asanka

podilarius · Jul 23, 2012, 6:43 PM

haven't tried it but in the ACL black list try

.*facebook.com:80

It might work.

marcelloc · Jul 23, 2012, 7:13 PM

@asankaj2006:

Can some please advise me best possible way to block facebook on hhtps.

Are you using squid in transparente mode?

dhatz · Jul 23, 2012, 8:08 PM

You can't do https filtering with Squid in transparent mode, you need to configure your clients to use it.

asankaj2006 · Jul 24, 2012, 2:59 AM

Yes I am using squid in transparente mode.

podilarius · Jul 24, 2012, 3:39 PM

@dhatz:

You can't do https filtering with Squid in transparent mode, you need to configure your clients to use it.

That is true … so I just added:

.*facebook.com

to the black list. I was blocked on port 80, but I was still allowed to access facebook on https.

josekym · Jul 25, 2012, 9:29 AM

You have to block using firewall rules. We do block 443/HTTPS traffic to Facebook CIDR networks during regular office hours.

For us, we block the following destination CIDR networks:

69.63.176.0/20
69.171.224.0/19
63.135.80.0/20
66.220.144.0/20
65.201.208.24/29
65.204.104.128/28
74.119.76.0/22
204.15.20.0/22
173.252.64.0/18
96.16.0.0/15