Netgate Discussion Forum

    Block Facebook.com

    pfBlockerNG
    19 Posts 4 Posters 1.6k Views
    • L
      Luckypete97
      last edited by

      Re: [Confused](pfblockerng 2.2.1 Shallalists. blocks facebook.com but not www.facebook.com)

      I got the same problem as dabone. Your solution worked partly. If I nslookup facebook.com & www.facebook.com it resolves to my virtual IP 10.10.11.1 but if I open my Chrome and I type "facebook.com" I get this

      fdd5c8bb-d54a-46ad-858f-ed6f5e7ac850-image.png

      If I look on my pfblocker/reports I see this:

      691be155-8d54-4edc-8097-bf7904fee81c-image.png

      I tried to connect to "http://www.amistad.com/", which is also listed in the Shallalist/socialnet, and I see:
      73f6cec6-6433-49b7-8a2d-a52ed1482487-image.png

      Maybe the difference between these two websites is http and https?
      Any idea how I can get this if I type "facebook.com"?

      • NollipfSenseN
        NollipfSense
        last edited by

        It seems that it's working...you cannot get to either one.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • L
          Luckypete97
          last edited by

          Yes, this is true, but I would like to always get the error message: "this website[...] has been blocked by the Network Administrator! ..." and not the error message: "Your connection is not private...."

          I also want to understand why I get different messages.

          • NollipfSenseN
            NollipfSense @Luckypete97
            last edited by

            @Luckypete97 said in Block Facebook.com:

            Yes, this is true, but I would like to always get the error message: "this website[...] has been blocked by the Network Administrator! ..." and not the error message: "Your connection is not private...."

            I also want to understand why I get different messages.

            Only BBcan177 can answer this as I have noticed that also; however, to me not going to the site is more important.

            • M
              mcury Rebel Alliance
              last edited by

              Browser detects MITM, that is not pfblocker's fault, it's just how https works.

              dead on arrival, nowhere to be found.

              • NollipfSenseN
                NollipfSense @mcury
                last edited by

                @mcury So, are you saying the browser reacts first before it gets to pfBlockerNG? That seems to make sense!

                • M
                  mcury Rebel Alliance
                  last edited by

                  There is a certificate when the connection goes through https.
                  The site you are calling in your browser is facebook.com, your browser is expecting to receive a response from facebook.com
                  The certificate presented by the website should contain the same name you called, in this case, facebook.com.

                  Pfblocker is trying to present you a block page that isn't facebook, so your browser cuts the connection.

                  ps: sorry for my english

                  • NogBadTheBadN
                    NogBadTheBad
                    last edited by NogBadTheBad

                    Basically you need to trust the pfBlocker self signed cert.

                    http:-

                    Screenshot 2020-01-17 at 16.01.34.png

                    https:-

                    Screenshot 2020-01-17 at 16.01.53.png

                    Notice the padlock ?

                    Screenshot 2020-01-17 at 16.02.02.png

                    Andy

                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                    • M
                      mcury Rebel Alliance
                      last edited by

                      I don't think that will help either; see, the pfblocker certificate doesn't contain facebook.com as a valid DNS name.

                      Check the facebook certificate for the part: DNS alternative names

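The name comparison mcury describes in the posts above, as an added example that is not part of any post in this thread: it matches the hostname the browser asked for against a certificate's DNS alternative names, including the one-label wildcard rule. The certificate dicts use the shape returned by Python's `ssl.SSLSocket.getpeercert()`; all three sample certificates are constructed, and `blockpage.example.invalid` is a hypothetical stand-in for the block page's self-signed certificate, whose real contents are not shown on this page.

```python
# Added example: hostname-vs-certificate name matching as a TLS client does it.
# Assumption: only SAN dNSName entries are consulted; the subject CN is ignored,
# which is how current browsers and Python's ssl module behave.

def dns_names(cert):
    """Return the certificate's SAN dNSName entries, normalised to lower case."""
    return [value.lower().rstrip(".")
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]

def pattern_covers(pattern, host):
    """Exact match, or a '*.' wildcard standing in for exactly one leftmost label."""
    if pattern == host:
        return True
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return False

def covering_names(hostname, cert):
    """List the certificate names that cover the hostname that was requested."""
    host = hostname.lower().rstrip(".")
    return [p for p in dns_names(cert) if pattern_covers(p, host)]

def diagnose(hostname, cert):
    """One-line verdict suitable for a troubleshooting log."""
    hits = covering_names(hostname, cert)
    if hits:
        return f"{hostname}: covered by {hits[0]}"
    listed = ", ".join(dns_names(cert)) or "no DNS names"
    return f"{hostname}: NAME MISMATCH (certificate lists {listed})"

# Constructed sample data, not captured from any real server.
SITE_CERT = {
    "subject": ((("commonName", "*.facebook.com"),),),
    "subjectAltName": (("DNS", "*.facebook.com"), ("DNS", "facebook.com")),
}
BLOCK_PAGE_CERT = {  # hypothetical stand-in for the sinkhole's self-signed cert
    "subject": ((("commonName", "blockpage.example.invalid"),),),
    "subjectAltName": (("DNS", "blockpage.example.invalid"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "facebook.com"),),)}  # no SAN at all

if __name__ == "__main__":
    for cert in (SITE_CERT, BLOCK_PAGE_CERT, CN_ONLY_CERT):
        for host in ("facebook.com", "www.facebook.com", "a.b.facebook.com"):
            print(diagnose(host, cert))
```
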
                      • NogBadTheBadN
                        NogBadTheBad @mcury
                        last edited by NogBadTheBad

                        @mcury

                        Screenshot 2020-01-17 at 16.16.17.png

                        Screenshot 2020-01-17 at 16.18.24.png

                        Andy

                        • M
                          mcury Rebel Alliance
                          last edited by

                          So, it worked with safari, how about firefox, or chrome?

                          • NogBadTheBadN
                            NogBadTheBad @mcury
                            last edited by NogBadTheBad

                            @mcury

                            Don't they both do DNS over HTTPS, so they'd bypass pfBlocker ?

                            Andy

                            • M
                              mcury Rebel Alliance
                              last edited by

                              You can disable that behavior

                              • NogBadTheBadN
                                NogBadTheBad @mcury
                                last edited by

                                @mcury

                                If you have firefox or chrome installed 😉

                                Andy

                                • M
                                  mcury Rebel Alliance @NogBadTheBad
                                  last edited by

                                  @NogBadTheBad yeah :) only in that case.

                                  • NollipfSenseN
                                    NollipfSense @NogBadTheBad
                                    last edited by

                                    @NogBadTheBad said in Block Facebook.com:

                                    @mcury

                                    Don't they both do DNS over HTTP, so they'd bypass pfBlocker ?

                                    @mcury said in Block Facebook.com:

                                    You can disable that behavior

                                    Yes, I have disabled the behavior in Firefox, and I mostly use Firefox and sometimes Safari. However, I don't get "site had been blocked by network admin" in all cases; sometimes I get a blank page...so I just edit CN-DNSBL to trust it in Firefox.

                                    • M
                                      mcury Rebel Alliance @NollipfSense
                                      last edited by

                                      @NollipfSense

                                      My previous tests with firefox didn't work.
                                      My best guess is that firefox was trying to compare the fqdn called with the server CN and/or dns alternatives.
                                      Remember, I'm not a specialist, and I could be wrong, so don't take everything I said as a last word.

                                      I was facing a lot of issues to get my LE certificate to work, and to get that, I had to add in my certificate, all my subdomains as alternative names.

                                      If Firefox is working today, with dnsblocker webpage for https, it's good to know, maybe I'll try it later :)

                                      • NollipfSenseN
                                        NollipfSense @mcury
                                        last edited by

                                        @mcury Yes, it's working with Firefox...

                                        Screen Shot 2020-01-17 at 11.11.45 AM.png

                                        • M
                                          mcury Rebel Alliance @NollipfSense
                                          last edited by

                                          @NollipfSense I'll for sure try to import the DNSBL cert to my browser later in the day.
                                          My dns over https is also disabled :)

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.