Netgate Discussion Forum

    Block traffic from specific sites.

    • cylent

      This may sound too easy for some, but it's not something I can figure out.

      Let's say I want to block

      windowsupdate.com
      or download.windowsupdate.com
      or phobos.apple.com

      The problem is these sites don't have one IP address. Most have 10 or even more, and there's no way to figure them all out to drop traffic from one or two IPs.

      I found a method to use the DNS forwarder and add a 127.0.0.1 to a domain, however…
      What do you do when you have a1410.phobos.apple.com and then it changes to a736.phobos.apple.com?

      Obviously here I don't want to block all apple.com... just these update sites.

      Please advise.

      • dhatz

        Probably the easiest way would be to create bogus wildcard DNS records.

        • cylent

          That sounds great, but I wouldn't know how to do that.

          For example, my top traffic sites according to lightsquid are:

          ardownload.adobe.com
          a1410.phobos.apple.com
          au.download.windowsupdate.com
          swcdn.apple.com
          a474.phobos.apple.com
          wl.dlservice.microsoft.com

          As you can see from above, phobos.apple.com has two links above, and more and more.

          My users are literally ignorant. They don't know even basic computer knowledge. And because I set speed limits for their internet access, they will complain their connection is slow. Little do they know that their computer is running an update in the background, sucking the speed that's allowed to them.

          • mibovrd

            Services -> Proxy Server -> Access Control tab -> Blacklist Box

            (^|\.)windowsupdate\.com$
            (^|\.)download\.windowsupdate\.com$
            (^|\.)phobos\.apple\.com$

            Tweet: MIBovrd@cqrite http://www.cqrite.com

            • cylent

              Thank you.

              Can you please tell me how to enter in these characters so I can make my own syntax?

              Also,

              is there a file squid uses to show the blocked sites in a log?

              • mibovrd

                Sorry, not sure what you mean? Type them, as you see them in the Blacklist Box.

                Select - Services -> Proxy Server -> Access Control tab -> Blacklist Box

                Here is another couple you might want to try from your list.

                (^|\.)dlservice\.microsoft\.com$
                (^|\.)swcdn\.apple\.com$
                (^|\.)ardownload\.adobe\.com$

                The characters are regular expressions: the backslash is a delimiter for the '.' because it is a reserved character.
                The '^' matches anything in front of the line with a '.'.
                The '$' matches anything after.
                In syslog?

                Tweet: MIBovrd@cqrite http://www.cqrite.com
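
Added example (not part of the original posts and not code from pfSense or Squid): a quick offline check of the blacklist patterns from this thread, written with the dots escaped by a backslash as the post describes, against constructed hostnames. It assumes the proxy applies each line as a case-insensitive regular-expression search on the requested hostname; Python's `re` stands in for the proxy's regex engine, and the function names are hypothetical.

```python
import re

# Blacklist patterns from the thread, with each literal dot escaped.
# (download.windowsupdate.com is already covered by the first pattern.)
BLACKLIST = [
    r"(^|\.)windowsupdate\.com$",
    r"(^|\.)phobos\.apple\.com$",
    r"(^|\.)dlservice\.microsoft\.com$",
    r"(^|\.)swcdn\.apple\.com$",
    r"(^|\.)ardownload\.adobe\.com$",
]

# The first pattern with its backslashes lost: '.' now matches any character.
UNESCAPED = [r"(^|.)windowsupdate.com$"]


def compile_list(patterns):
    # Assumption: matching is case-insensitive and unanchored (search),
    # so the '^' and '$' inside each pattern supply the anchoring.
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def first_match(host, compiled):
    """Return the first pattern that blocks host, or None if it is allowed."""
    for rx in compiled:
        if rx.search(host):
            return rx.pattern
    return None


def audit(hosts, patterns):
    """Map each host to the pattern that blocks it (None means allowed)."""
    compiled = compile_list(patterns)
    return {h: first_match(h, compiled) for h in hosts}


# Constructed sample hostnames; the first four appear in the thread.
SAMPLE_HOSTS = [
    "a1410.phobos.apple.com", "a736.phobos.apple.com",
    "au.download.windowsupdate.com", "wl.dlservice.microsoft.com",
    "www.apple.com",                  # must stay reachable
    "notwindowsupdate.com",           # different domain sharing a suffix
    "windowsupdate.com.example.net",  # blocked name used only as a prefix
]

if __name__ == "__main__":
    for host, hit in audit(SAMPLE_HOSTS, BLACKLIST).items():
        print(f"{host:32} {'BLOCK  ' + hit if hit else 'allow'}")
    for host, hit in audit(SAMPLE_HOSTS, UNESCAPED).items():
        if hit and not first_match(host, compile_list(BLACKLIST)):
            print(f"over-blocked when dots are unescaped: {host}")
```

Running it before pasting a list into the Blacklist box shows which rotating CDN hostnames are caught and whether an unrelated domain would be blocked by accident.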

                • cylent

                  Ya, what I mean is: how do you know the characters?

                  • mibovrd

                    As I said, they are 'regular expressions' used in Unix and other OS's. Many OS's use a subset of the main expressions. A Google search for them will reveal many examples.

                    regular-expressions-cheat-sheet.png

                    Tweet: MIBovrd@cqrite http://www.cqrite.com

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.