How can I block the WebSocket protocol with pfSense?



  • I've seen some corporate on-prem networks block the WebSocket protocol and I'd like to create a test lab with pfSense configured in such a way. How can I block WebSockets? I've searched and can't seem to find a way to do this.


  • Netgate Administrator

    You could probably block it with Snort given enough tuning. Snort was triggering on that anyway at one time.

    Possibly OpenAppID though I don't see a definition for that.

    Steve



  • WebSocket runs over a standard HTTP/S connection, so your only option is DPI systems.
    Snort and, probably, Squid (denying the Upgrade request).
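
The Upgrade-request match mentioned in the last reply, as an added example that is not part of the original thread: a Python sketch of the header check a DPI rule or proxy ACL would apply to a cleartext HTTP request. The sample requests and the host `lab.example` are constructed; for `wss://` the handshake travels inside TLS, so an inspector only sees it if the traffic is decrypted.

```python
# Added example (not from the thread): flag the WebSocket opening handshake
# (RFC 6455) in a cleartext HTTP request, as a DPI rule or proxy ACL would.

def parse_headers(raw: bytes) -> dict:
    """Return request headers as {lowercased name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tokens(values):
    """Split comma-separated values into lowercased tokens, dropping '/version'."""
    return {t.strip().lower().split("/")[0]
            for v in values for t in v.split(",") if t.strip()}

def is_websocket_upgrade(raw: bytes) -> bool:
    h = parse_headers(raw)
    # Header names and tokens are case-insensitive; Connection may list several.
    return ("websocket" in tokens(h.get("upgrade", []))
            and "upgrade" in tokens(h.get("connection", [])))

def verdict(raw: bytes) -> str:
    return "deny" if is_websocket_upgrade(raw) else "allow"

# Constructed sample requests (lab.example is a placeholder host).
SAMPLES = {
    "ws_handshake": (b"GET /chat HTTP/1.1\r\nHost: lab.example\r\n"
                     b"Upgrade: WebSocket\r\nConnection: keep-alive, Upgrade\r\n"
                     b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                     b"Sec-WebSocket-Version: 13\r\n\r\n"),
    "plain_get": (b"GET / HTTP/1.1\r\nHost: lab.example\r\n"
                  b"Connection: keep-alive\r\n\r\n"),
    "h2c_upgrade": (b"GET / HTTP/1.1\r\nHost: lab.example\r\n"
                    b"Upgrade: h2c\r\nConnection: Upgrade, HTTP2-Settings\r\n"
                    b"HTTP2-Settings: AAMAAABkAAQAAP__\r\n\r\n"),
    # wss:// through a proxy: only the CONNECT is visible, the handshake is in TLS.
    "https_connect": b"CONNECT lab.example:443 HTTP/1.1\r\nHost: lab.example:443\r\n\r\n",
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:14} {verdict(req)}")
```

The `https_connect` sample is allowed because nothing in a CONNECT request identifies WebSocket, which is why the check needs TLS interception to apply to `wss://` traffic.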