Block only google drive upload



  • Hi

    I would block upload file to cloud provider sush as Dropbox, Google Drive, etc

    I can block dropbox traffic

    but , with google drive , i think it is not easy, many web site is in the same ip range with drive (youtube , google doc , ...)

    how i can block only google drive ?

    Thank You



  • You somewhat answered you own question with these words:

    %(#e00038)[not easy, many web site is in the same ip range with drive (youtube , google doc , ...)]

    You need a DPI (deep packet inspection) engine to accomplish this and possibly even a MITM (man-in-the-middle) certificate proxy system so you can inspect payloads in cleartext. You could try the OpenAppID functionality within the Snort package, but I don't recall if there are any existing Google Drive rules in that rule set.



  • Hi,

    Well ... as you said yourself, you can't use destination-IP-list discrimination, otherwise it would be as easy of finding all the Google-drive IP's, throwing them in an Firewall alias and using this alias in a firewall block rule.
    Although I do think that Google services like the web search egnin, Youtube, Gmail, etc do not use the same IP's as Google drive.

    The next step would be : finding out what Google drive (for example : login phase) packets have in common : this means your have to to filter on IDS/IPS level - see the sub forum for information. This can be done, and certainly not in a lost afternoon.
    See also this one to get the picture.

    edit : @bmeeks types faster ^^



  • If it's as simple as drive.google.com, you could set the Domain Override in Services -> DNS Forwarder to resolve it to nothing. That's the "!" character in that entry.

    I say simple above, but it's probably not that cut-and-dry... I don't know for sure if google drive has a much larger reach, domain or IP address-wise.

    Read more about dns forwarder here:
    https://docs.netgate.com/pfsense/en/latest/dns/dns-forwarder.html

    Jeff


Log in to reply