Block website
-
From my standpoint, if you want successful "DNS based" implementation, be sure you block DNS flow through your firewall otherwise clever user will bypass your control relying on external DNS ;)
Last but not least, even with internal DNS "only", accessing forbidden web site typing IP address can't be block using DNS (while proxy can achieve it 8))Are you still convinced you do want to achieve it without proxy ???
-
Last but not least, even with internal DNS "only", accessing forbidden web site typing IP address can't be block using DNS (while proxy can achieve it 8))
These days most complex web sites (like the ones wanting to be blocked here) use many different names/IP addresses to serve up various components of the site. If you learn the (an) IP address of the site then sure, you can go to it and get some basic page. But a bunch of content will be referenced by other names and if resolution of those is diverted by host/domain overrides then the user effectively has a very difficult time making any use of the site.
So a DNS-only blocking strategy can still be practically effective. -
The entry you've made where you've put 'myhost' means that the override will work when you try to visit 'myhost.facebook.com'. If you want it to resolve to 'www.facebook.com' enter 'www' in the Host field. Otherwise do as KOM suggests.
I tried this, but it doesent block the frontpage. But everything else gets blocked. I'm very confused.
-
I tried this
You tried what? Using www or leaving it blank?
-
@KOM:
I tried this
You tried what? Using www or leaving it blank?
Leaving it blank didn't do anything.
-
https://forum.pfsense.org/index.php?topic=43835.0
-
https://forum.pfsense.org/index.php?topic=43835.0
So i added "address=/dev/192.168.1.6" and nothing changed.
-
So i added "address=/dev/192.168.1.6" and nothing changed.
Please, try using brain. Go re-read the post a couple of times.
-
So i added "address=/dev/192.168.1.6" and nothing changed.
Please, try using brain. Go re-read the post a couple of times.
Please, be nice. This doesen't make sense for me.
I'm trying to block this website: vg.no
-
Then why on earth are you sticking dev there, instread of vg.no?!?!
-
Then why on earth are you sticking dev there, instread of vg.no?!?!
address=/vg.no/192.168.1.6
It still doesen't block the frontpage, but when i click on read article etc it gets blocked.
-
Nothing happened is worthless problem description. (BTW, the DNS results are cached, you need to flush the cache. Reboot the boxes you are testing this from if you don't know how.)
-
Nothing happened is worthless problem description. (BTW, the DNS results are cached, you need to flush the cache. Reboot the boxes you are testing this from if you don't know how.)
Thank you for the help!
-
there are really very few websites that would even load a basic page on ip, since most everything is CDN and requires the host headers to know what to serve (multiple pages on same IP)..
You could always validate this with what site your looking to block by going to the IP yourself and seeing what content is provided.