Netgate Discussion Forum

    Possible to block certain websites using URL ?

    Firewalling
    firewall block website acl access control
      dr_tech

      I am aware that most websites today use some form of proxy / load balancer / CDN, so is it possible (without using any specific packages) to block certain websites using just their URL?

      I earlier had a Sophos Web Appliance, and it successfully blocked all connections to a certain domain name just by listing the domains in the blacklist section. Is something similar possible in pfSense too?

      (I know SquidGuard is an option.)

        DaddyGo @dr_tech

        @dr_tech said in Possible to block certain websites using URL?:

        is something similar possible in pfSense too?

        Hi Doctor, 😉

        Yes, it is possible; it has several forms.
        Squid proxy, although this can be a bit cumbersome.
        The pfBlockerNG-devel with your own DNSBL list....

        I suggest the latter solution if you have your own idea of the sites to be blocked. If you want to block YouTube, FB, etc., then OpenAppID + Snort can also be a solution.

        +++edit:
        The HTTPS + MITM part of Squid requires advanced training and can be difficult to make work properly.

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

          dr_tech @DaddyGo

          @DaddyGo said in Possible to block certain websites using URL?:

          The pfBlockerNG-devel with your own DNSBL list

          Thanks, I'll try that out!

          I have earlier used Squid with a certificate from my own CA, but if someone brings over a new device which does not trust my root CA, it throws off warnings, which is quite a nuisance to explain to each new user / guest.

            dr_tech @DaddyGo

            @DaddyGo
            So I've successfully set up pfBlockerNG, and it is indeed blocking the websites I need to filter.

            However, I need some whitelisted IPs to be able to access all websites, bypassing pfBlockerNG in some way. Is such a provision available?

              A Former User

              https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/58

                DaddyGo @dr_tech

                @dr_tech said in Possible to block certain websites using URL?:

                Is such a provision available?

                Yes, I thought pfBlockerNG would be a good solution. 😉
                See the answer to your question at the attached link:
                https://forum.netgate.com/topic/138029/acl-s-support

                In particular, focus on the recommendation of @BBcan177 (maintainer and creator of pfBlockerNG)

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.