Possible to block certain websites using URL ?
-
I am aware that most websites today use some form of proxy / load balancer / CDN, so is it possible (without using any specific packages) to block certain websites using just their URL ?
I earlier had a Sophos Web Appliance, and it successfully blocked all connections to a certain domain name, just by listing the domains in the blacklist section, is something similar possible in pfSense too ?
(I know squidguard is an option).
-
@dr_tech said in Possible to block certain websites using URL ?:
is something similar possible in pfSense too ?
Hi Doctor,
Yes it is possible, it has several forms.
Squid proxy, although this can be a bit cumbersome.
The pfBlockerNG -devel with your own DNSBL list....I suggest the latter solution, if you have your own idea of the sites to be blocked, if you want to block Youtube, FB, etc. then openappid + snort can also be a solution.
+++edit:
The https + MITM part of Squid require advanced training and can be difficult to make it work properly -
@DaddyGo said in Possible to block certain websites using URL ?:
The pfBlockerNG -devel with your own DNSBL list
Thanks, I'll try that out !
I have earlier used Squid with a certificate from my own CA, but if someone brings over a new device which does not trust my root CA, it throws off warnings, which is quite a nuisance to explain to each new user / guest.
-
@DaddyGo
So I've successfully setup pfBlockerNG and it is indeed blocking the websites I need to filter.However, I need that some whitelisted IPs should be able to access all websites, bypassing pfBlockerNG in some way. Is such a provision available ?
-
https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/58
-
@dr_tech said in Possible to block certain websites using URL ?:
Is such a provision available ?
Yes, I thought pfBlockerNG would be a good solution.
See the answer to your question at the attached link:
https://forum.netgate.com/topic/138029/acl-s-supportIn particular, focus on the recommendation of @BBcan177 (maintainer and creator of pfBlockerNG)