Netgate Discussion Forum

How to block dropbox website

pfSense Packages
  • S
    smizzio
    last edited by Feb 21, 2013, 7:08 PM

    Hi, I have installed squid and dansguardian on my pfsense.
    I have downloaded the shalla blacklist and configured it.
    I want to disable access to the dropbox website.
    In the proxy server configuration I added dropbox to the blacklisted sites: now I can't access http://dropbox.com but I can access https://dropbox.com
    Is there a possibility to block this site?
    On my LAN I have to block it for 5 computers.

    Thanks to all!

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Feb 22, 2013, 9:24 PM

      And what do these computers use for dns? A simple way of preventing users from using such tools and sites is to just prevent the dns lookup. If they use the pfsense box for dns, just put in a host override for the domain that points nowhere.

      Now the client will not resolve, now browser will not resolve anything.dropbox.com

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • K
        Klaws
        last edited by Feb 23, 2013, 11:21 AM

        Just block dropbox's IP address range (199.47.216.0/22) in the firewall.

        DNS overrides can be circumvented if the user chooses a different DNS server. You can, of course, block DNS queries to other DNS servers, to make things a bit harder for the user.

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Feb 23, 2013, 12:28 PM

          They own more than that. Yes, dns is not always the perfect solution, but he has not stated the skill set of his userbase. And yes, I would assume he prevents the use of other dns by blocking udp/tcp 53 outbound as well.

          notify21.dropbox.com

          CIDR:          108.160.160.0/20
          NetName:        DROPBOX

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • K
            Klaws
            last edited by Feb 23, 2013, 2:08 PM

            @johnpoz:

            […] he has not stated the skill set of his userbase.

            That's the point. Of course, the user can also use proxies to circumvent IP address blocks. Some proxies have HTTP/HTML interfaces, so users won't even have to reconfigure their browsers.

            Dropbox is, of course, a service for losers. ;) Geeks would have their own FTP servers, shell boxes, VPN endpoints. They might even bring in their own 3G router if they feel the urge to bypass the firewall with their work PC. I've even seen idiots unplugging the fax machine to dial into the internet via an old analogue modem (with the result that, on the next day, large parts of the company's IT were infected by a virus).

            The Computer Science lessons in school are actually a good way for kids to learn hacking firewalls. Not because it's taught (it isn't), but because the school's firewall is pretty restrictive. Once one kid finds out how to circumvent the blocks, this knowledge will spread to the other kids. If one of these kids has a parent, and this parent is one of smizzio's users, this user might turn into a "script kiddie", erm, "script daddy/mommy" ;) - capable of circumventing security measures, but not understanding the risk.

            Logging is a way to get the user's attention (if it's allowed in your country). Make sure that the users know that every bit of traffic is logged and that they'll get into trouble if anything pops up which might look like an IP address of a proxy, dropbox, VPN tunnels, whatever. If you don't want to be seen as the "network nazi", you might mention that surfing for lolcats is okay. ;)
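
Added example (not part of the thread and not Netgate code): the logging suggested above can double as a check that the DNS and IP blocks are holding. This Python script scans a connection log for watched clients that query a DNS server other than the firewall or that reach the two Dropbox ranges quoted in the thread. The simplified log format, the `RESOLVER` address and the `WATCHED` client addresses are assumptions, and the sample lines are constructed.

```python
import csv
import ipaddress
from collections import defaultdict

# Ranges quoted in the thread; johnpoz notes Dropbox owns more than these.
DROPBOX_NETS = [ipaddress.ip_network(n)
                for n in ("199.47.216.0/22", "108.160.160.0/20")]
RESOLVER = ipaddress.ip_address("192.168.1.1")  # assumed pfSense LAN address
# Assumed addresses of the 5 computers that must not reach Dropbox.
WATCHED = {ipaddress.ip_address(f"192.168.1.{i}") for i in range(11, 16)}

# Constructed sample in an assumed "time,src,dst,proto,dport" export,
# not pfSense's raw filter log format.
SAMPLE_LOG = """\
2013-02-23T10:00:01,192.168.1.11,192.168.1.1,udp,53
2013-02-23T10:00:02,192.168.1.11,108.160.162.10,tcp,443
2013-02-23T10:00:05,192.168.1.12,8.8.8.8,udp,53
2013-02-23T10:00:09,192.168.1.13,199.47.217.5,tcp,443
2013-02-23T10:00:12,192.168.1.14,93.184.216.34,tcp,80
2013-02-23T10:00:15,192.168.1.20,8.8.4.4,tcp,53
2013-02-23T10:00:18,192.168.1.12,not-an-ip,udp,53
"""

def classify(dst, proto, dport):
    """Return a finding label for one connection, or None."""
    if proto in ("udp", "tcp") and dport == 53 and dst != RESOLVER:
        return "dns-bypass"   # client is not using the firewall's resolver
    if any(dst in net for net in DROPBOX_NETS):
        return "dropbox-ip"   # traffic to a range listed in the thread
    return None

def scan(log_text):
    """Map each watched client to its list of (time, finding, dst)."""
    findings = defaultdict(list)
    for row in csv.reader(log_text.splitlines()):
        try:
            ts, src, dst, proto, dport = row
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue          # skip malformed or truncated lines
        if src not in WATCHED:
            continue
        kind = classify(dst, proto.lower(), dport)
        if kind:
            findings[str(src)].append((ts, kind, str(dst)))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in sorted(scan(SAMPLE_LOG).items()):
        print(client, hits)
```

Hits of either kind mean a block rule is missing or being bypassed; an empty result only covers the listed ranges and says nothing about proxy or VPN use.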

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.