4. HTTPS by ip notblocked

HTTPS by ip notblocked

  • C

    Hi I am trying to block https sites from firewall  using the sites IP but for some reasom http sites by ip I tried for testing get blocked fine but https by IP still do not block.
    Iam going to the firewall
    1 block
    2 lan
    3tcp/udp
    4 single host/aliases
    ports any
    any help? thanks regards Chris
    by the way I looked up all the sites ip example facebook from dnslookup whois and pin the site so all are saved in a alias I created

    0
  • H

    Many popular HTTPS sites, like Facebook, have tens of thousands of IP addresses that are potentially changing. What IP you see is probably not the same IP someone else will see. When I ping Google, I get a different IP than if my wife pings Google.

    0
  • C

    @Harvy66:

    Many popular HTTPS sites, like Facebook, have tens of thousands of IP addresses that are potentially changing. What IP you see is probably not the same IP someone else will see. When I ping Google, I get a different IP than if my wife pings Google.

    Thank you for your answer that makes a lot of sense. So I do not think right now there is a way to block https sites?  I have set pfsense for a sunday church school and they wanted to block facebook and youtube just at surtin days and times not  the hole time, I was going to use open dns but that will block all the days and time

    0

  • Yuu will need to use a helper such as squid/squidGuard, or pgBlockerNG to handle that.  Just trying to block based on manually entering IP addresses can be an exercise in futility.

    0
  • C

    @KOM:

    Yuu will need to use a helper such as squid/squidGuard, or pgBlockerNG to handle that.  Just trying to block based on manually entering IP addresses can be an exercise in futility.

    Hi thank you for your help I have squid3 and squidguard in transparent mode but they do not block https just http,  do you maybe have some steps  on how to do so with squid or pfblocker? thank you again

    0

  • Don't run squid in transparent mode.  Run it in explicit mode, block off TCP 80/443 and force everyone through the proxy.  Then you can filter HTTPS.  Search the forums for more details about pfBlockerNG as I don't use that and can't help you with it.  The Cache/Proxy forum is the best place for squid questions, and the IDS/IPS forum for pfBlockerNG.

    0
  • C

    Hi thank you again for all your replies you are a real great help on these forums, just last question if I run squid in explised  mode how will I force devices to go threw the proxy? people here bring there pwn devices so I cant modify there browsers

    0

  • Well, you can try WPAD, or just tell them the proxy address & port and make them use it or else they have no Internet access.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy