How to block secure websites (like Social, sports ,music etc).



  • Hi All,
    i want to block some secure websites (like Social, sports ,music etc). Please guide me how we block these websites. I Want to block secure websites according to configure rules in squidguard.
    Thanks



  • Nobody has any idea about this??? @Gertjan



  • Hi @itsupport_debut We have face same problem also. I want to block some secure websites like Sports and i have already configure SquidGuard also but unable to block Secure websites.



  • Nobody has replied because this request is somewhere between extrememly hard and nearly impossible to accomplish in today's Internet environment with all the encryption and CDNs (Content Distribution Networks) used by tons of web sites.

    Unless you install a MITM (Man-in-the-Middle) proxy you can't see the cleartext traffic of HTTPS web traffic. That makes is quite hard to block based solely on the content. Furthermore, even attempting to block based only on IP addresses is made very difficult by the fact sites usually serve content from many IP networks via CDNs. And those CDNs carry all kinds of traffic, some of which you may not want to block but it will all be coming from the same IP network blocks.

    Policing Internet usage should begin with clearly defining expected behavior to the humans viewing the content and also providing clear punishments of some type for knowing violations. Trying to police it with technology is likely to be only marginally successful.

    Yes, there are lists of IPs to ban and all kinds of vendors promising a magic elixir, but none is foolproof. And many times you will spend hours chasing down why web sites you want to allow in are getting blocked by something in these magic elixir tools.


  • Galactic Empire

    @bmeeks said in How to block secure websites (like Social, sports ,music etc).:

    Policing Internet usage should begin with clearly defining expected behavior to the humans viewing the content and also providing clear punishments of some type for knowing violations. Trying to police it with technology is likely to be only marginally successful.

    You may be able to do it with Shallalist or UT1 in pfBlockerNG, but you will need loads of memory.

    Firewall -> pfBlockerNG -> DNSBL -> DNSBL Category

    As @bmeeks these lists aren't foolproof.


  • LAYER 8 Global Moderator

    Its also possible since your post has only been 1 day. And is in the wrong section... Your asking about how to filter https with squidguard.. Not Firewall..

    Blocking only specific https sites with a firewall that are hosted off CDNs yeah going to be very difficult.. But blocking via proxy is not that difficult, you don't need to do mitm if your using explicit proxy (ie client directed to the proxy). But if doing it via transparent - then yes it becomes more difficult

    I have moved your thread to correct area so you might get an answer on how to do it with squidguard... But then again they prob just going tell you to RTFM ;)

    For example check out the hangout by jimp - he goes over all the different way to filter https traffic
    From the hangout
    https://youtu.be/xm_wEezrWf4
    hangout.png

    Moving to proxy section.


Log in to reply