• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Possible to block certain websites using URL ?

Scheduled Pinned Locked Moved Firewalling
firewallblockwebsiteaclaccess control
6 Posts 3 Posters 1.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dr_tech
    last edited by Sep 11, 2020, 6:20 PM

    I am aware that most websites today use some form of proxy / load balancer / CDN, so is it possible (without using any specific packages) to block certain websites using just their URL ?

    I earlier had a Sophos Web Appliance, and it successfully blocked all connections to a certain domain name, just by listing the domains in the blacklist section, is something similar possible in pfSense too ?

    (I know squidguard is an option).

    D 1 Reply Last reply Sep 11, 2020, 6:42 PM Reply Quote 0
    • D
      DaddyGo @dr_tech
      last edited by DaddyGo Sep 11, 2020, 6:46 PM Sep 11, 2020, 6:42 PM

      @dr_tech said in Possible to block certain websites using URL ?:

      is something similar possible in pfSense too ?

      Hi Doctor, 😉

      Yes it is possible, it has several forms.
      Squid proxy, although this can be a bit cumbersome.
      The pfBlockerNG -devel with your own DNSBL list....

      I suggest the latter solution, if you have your own idea of the sites to be blocked, if you want to block Youtube, FB, etc. then openappid + snort can also be a solution.

      +++edit:
      The https + MITM part of Squid require advanced training and can be difficult to make it work properly

      Cats bury it so they can't see it!
      (You know what I mean if you have a cat)

      D 2 Replies Last reply Sep 11, 2020, 6:54 PM Reply Quote 0
      • D
        dr_tech @DaddyGo
        last edited by Sep 11, 2020, 6:54 PM

        @DaddyGo said in Possible to block certain websites using URL ?:

        The pfBlockerNG -devel with your own DNSBL list

        Thanks, I'll try that out !

        I have earlier used Squid with a certificate from my own CA, but if someone brings over a new device which does not trust my root CA, it throws off warnings, which is quite a nuisance to explain to each new user / guest.

        1 Reply Last reply Reply Quote 0
        • D
          dr_tech @DaddyGo
          last edited by Sep 12, 2020, 12:25 PM

          @DaddyGo
          So I've successfully setup pfBlockerNG and it is indeed blocking the websites I need to filter.

          However, I need that some whitelisted IPs should be able to access all websites, bypassing pfBlockerNG in some way. Is such a provision available ?

          D 1 Reply Last reply Sep 12, 2020, 1:11 PM Reply Quote 0
          • ?
            A Former User
            last edited by Sep 12, 2020, 1:10 PM

            https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/58

            1 Reply Last reply Reply Quote 0
            • D
              DaddyGo @dr_tech
              last edited by DaddyGo Sep 12, 2020, 1:12 PM Sep 12, 2020, 1:11 PM

              @dr_tech said in Possible to block certain websites using URL ?:

              Is such a provision available ?

              Yes, I thought pfBlockerNG would be a good solution. 😉
              See the answer to your question at the attached link:
              https://forum.netgate.com/topic/138029/acl-s-support

              In particular, focus on the recommendation of @BBcan177 (maintainer and creator of pfBlockerNG)

              Cats bury it so they can't see it!
              (You know what I mean if you have a cat)

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received