Blocking facebook
-
I have blocked facebook in Pfsense, but still people are able to access Facebook when they try https. How to ensure facebook is blocked even when tried to access via https? I don't want to block port 443 in Pfsense Firewall since we need to open lots of URLs running on https. Can anybody suggest a way?
-
If you are using pfSense 1.2.x you could use the DNS Blacklist package to block certain URLs.ย Unfortunately the package hasn't been updated for pfSense 2.0 yet.ย Hopefully the author will update it soon.
-
I found an option from the forum itself. Go to http://forum.pfsense.org/index.php/topic,34321.0.html. Also I added another IP range 69.171.224.0/19 since Facebook also uses this range. Now, the Facebook is entirely blocked unless they add another network.
-
Try several more:
69.63.176.0/20 66.220.144.0/20 204.15.20.0/22 69.171.224.0/19 74.119.76.0/22 173.252.64.0/18
http://whois.arin.net/rest/org/THEFA-3/nets
-
Thx a lot Jimp. I added Facebook in dns forwarding and is now forwarding it to my local IP. This has disabled Facebook completely.
-
Thx a lot Jimp. I added Facebook in dns forwarding and is now forwarding it to my local IP. This has disabled Facebook completely.
If you do that, make sure you also block access to outside/external DNS servers, or someone can just hardcode the DNS on their PC to get past that.
-
Already done that. Thx for advice Jimp.
-
And leave your IP blocking in place against the sneaky people who edit their hosts file :)
-
Or people who just keep an IP handy for facebook.com cause they are that addicted. :p
You should point facebook.com to an internal webserver that brings up a page with a page that says get back to work! ;)
-
What about all the web auto-proxy services that will not use facebook's IPs or DNS? You'll need some internal monitoring to catch those, unless you manually blacklist all of them.
-
There are only so many technical solutions to a social/HR problem. No technical solution will ever be perfect.
If you put up all of these barriers and someone still gets on Facebook, they should be disciplined/fired/etc.
They'll probably give up doing it on the PC and just use Facebook on their smartphones all day anyhow.
-
A much more succinct version of what I was getting at, Jimp.
I'm going to use that line next time a client asks me to block site <whatever>. They've got to change the culture rather than rely on a lazy technical solution.</whatever>
