How to block https://facebook.com
-
Hello
I was wondering if anyone have figured out a way to block https://facebook.com?
I have managed to block http://facebook.com, using Proxy server - access control…
but it's just not worth blocking if they can just type in a "s" after "http"...Thanks in advance!
-Andrew -
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.
-
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.
Is there any easier way? If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc. -
Is there any easier way?
No. Transparent proxy can't intercept https communications.
If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc.pac does not slow down logon time.
Folow this tutorial skiping Active directory configuration, do only dns + dhcp
http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html
-
Moving from transparent proxy to an auto-detect won't slow things down.
-
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.
where is the options ?
tks! -
You need to configure it both in the proxy (remove the transparent option) and in the browser's own proxy settings (and optionally in DNS). You'll also need to have a web server host the WPAD file - Wikipedia has more.
-
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.
Is there any easier way? If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc.The easiest way (which would also work with the base pfsense install, i.e. no 3rd party packages like squid) would be to define an alias with Facebook's IP ranges in CIDR format (easily found online, or you can create the list yourself using whois etc), and create a block rule for that.
Another easy way would be to "blackhole" facebook.com using pfsense's DNS forwarder to create a DNS override to some "other" IP (this only works as long as people can't manually configure their devices to use a 3rd party DNS - so you may have to block 3rd party DNS servers)
Finally you can do "generic" URL filtering e.g. with squid/squidguard but to catch https would require you to configure them via WPAD/PAC to use your proxy, as explained by others.
-
The easiest way (which would also work with the base pfsense install, i.e. no 3rd party packages like squid) would be to define an alias with Facebook's IP ranges in CIDR format (easily found online, or you can create the list yourself using whois etc), and create a block rule for that.
I already try with below IP, but floating o lan rule don't work !
-
no idea?
-
A single rule on lan denying access to your alias should work.
Also include apps.facebook.com name on your alias.
To use wpad/pac, follow this tutorial skiping active directory configuration
http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html
-
I'm using the recent version 2.0.1
how do i block facebook in that version?
-
Create a firewall alias with facebook hostnames and/or ip ranges and then apply it on a firewall -> rule on lan interface.
-
here is screenshot of by Fbook aliases works fine
and rule on LAN
-
Hai all, blocking https://www.facebook.com is working for me, but how to block only http://apps.facebook.com & https://apps.facebook.com without blocking normal facebook.com ? :)
-
You can try with a proxy server instead of firewall rules but I'm not sure if you can block apps.facebook without blocking facebook at all.
-
Create a firewall alias with facebook hostnames and/or ip ranges and then apply it on a firewall -> rule on lan interface.
Hi,
I tried the same in transperent proxy but it is not working for https.thanks in advance
-
here is screenshot of by Fbook aliases works fine
and rule on LANHi, I tried the same but it is nor working in transperent proxy.
any help.. -
transparent + https isn't going to work. firewall rules with alias and https will do the work
-
IF you want my advice.. I use Squid with Squid Guard to block Facebook and other social media websites. But i understand it can get complicated. A really easy solution is to use opendns.com which is truely amazing with the amount of protection you can get for your network.
