Netgate Discussion Forum

    Block only google drive upload

    • K
      koko_adams
      last edited by

      Hi

      I would like to block file uploads to cloud providers such as Dropbox, Google Drive, etc.

      I can block Dropbox traffic,

      but with Google Drive, I think it is not easy; many websites are in the same IP range as Drive (YouTube, Google Doc, ...).

      How can I block only Google Drive?

      Thank You

      M JKnottJ 2 Replies Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        You somewhat answered your own question with these words:

        not easy; many websites are in the same IP range as Drive (YouTube, Google Doc, ...)

        You need a DPI (deep packet inspection) engine to accomplish this and possibly even a MITM (man-in-the-middle) certificate proxy system so you can inspect payloads in cleartext. You could try the OpenAppID functionality within the Snort package, but I don't recall if there are any existing Google Drive rules in that rule set.

        1 Reply Last reply Reply Quote 1
        • GertjanG
          Gertjan
          last edited by Gertjan

          Hi,

          Well ... as you said yourself, you can't use destination-IP-list discrimination, otherwise it would be as easy as finding all the Google Drive IPs, throwing them in a firewall alias and using this alias in a firewall block rule.
          Although I do think that Google services like the web search engine, YouTube, Gmail, etc. do not use the same IPs as Google Drive.

          The next step would be: finding out what Google Drive (for example: login phase) packets have in common. This means you have to filter at the IDS/IPS level - see the sub forum for information. This can be done, and certainly not in a lost afternoon.
          See also this one to get the picture.

          Edit: @bmeeks types faster ^^

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • A
            akuma1x
            last edited by akuma1x

            If it's as simple as drive.google.com, you could set the Domain Override in Services -> DNS Forwarder to resolve it to nothing. That's the "!" character in that entry.

            I say simple above, but it's probably not that cut-and-dry... I don't know for sure if Google Drive has a much larger reach, domain or IP address-wise.

            Read more about the DNS Forwarder here:
            https://docs.netgate.com/pfsense/en/latest/dns/dns-forwarder.html

            Jeff

            1 Reply Last reply Reply Quote 0
            • M
              Moeamed @koko_adams
              last edited by

              @koko_adams said in Block only google drive upload:

              Hi

              I would like to block file uploads to cloud providers such as Dropbox, Google Drive, etc.

              I can block Dropbox traffic,

              but with Google Drive, I think it is not easy; many websites are in the same IP range as Drive (YouTube, Google Doc, ...).

              How can I block only Google Drive?

              Thank You

              Hello Koko_adams,

              I am very curious about this subject. Did you find a solution/workaround?

              Thank you,

              1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @koko_adams
                last edited by

                @koko_adams said in Block only google drive upload:

                I would like to block file uploads to cloud providers such as Dropbox, Google Drive, etc.

                You want to block upload and not download???

                I doubt that would be possible with a firewall, as you'd have to filter the traffic in an encrypted https stream. You might be able to get a proxy to do that, but not a plain firewall.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0