Block Facebook.com
-
Browser detects MITM, that is not pfblocker's fault, it's just like https works.
-
@mcury So, are you saying the browser reacts first before it gets to pfBlockerNG? That seems to make sense!
-
There is a certificate when the connection goes through https.
The site you are calling in your browser is facebook.com, your browser is expecting to receive a response from facebook.com
The certificate presented by the website, should contain the same name you called, in this case, facebook.com.Pfblocker is trying to present you a block page, that doesn't is facebook, so your browser cuts the connection.
ps: sorry for my english
-
Basically you need to trust the pfBlocker self signed cert.
http:-
https:-
Notice the padlock ?
-
I don't think that will help either, see, the pfblocker certificate doesn't contain the facebook.com as a valid dns name.
Check the facebook certificate for the part: DNS alternative names
-
-
So, it worked with safari, how about firefox, or chrome?
-
Don't they both do DNS over HTTPS, so they'd bypass pfBlocker ?
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
You can disable that behavior
-
If you have firefox or chrome installed
-
@NogBadTheBad yeah :) only in that case.
-
@NogBadTheBad said in Block Facebook.com:
Don't they both do DNS over HTTP, so they'd bypass pfBlocker ?
@mcury said in Block Facebook.com:
You can disable that behavior
Yes, I have disabled the behavior in Firefox and I mostly use Firefox and sometimes Safari. However, not in all cases I get "site had been blocked by network admin" sometimes I get a blank page...so; I just edit CN-DNSBL to trust it in Firefox.
-
My previous tests with firefox didn't work.
My best guess is that firefox was trying to compare the fqdn called with the server CN and/or dns alternatives.
Remember, I'm not a specialist, and I could be wrong, so don't take everything I said as a last word.I was facing a lot of issues to get my LE certificate to work, and to get that, I had to add in my certificate, all my subdomains as alternative names.
If Firefox is working today, with dnsblocker webpage for https, it's good to know, maybe I'll try it later :)
-
@mcury Yes, it's working with Firefox...
-
@NollipfSense I'll for sure try to import the DNSBL cert to my browser later in the day.
My dns over https is also disabled :)
