HTTPS by ip notblocked
-
Hi I am trying to block https sites from firewall using the sites IP but for some reasom http sites by ip I tried for testing get blocked fine but https by IP still do not block.
Iam going to the firewall
1 block
2 lan
3tcp/udp
4 single host/aliases
ports any
any help? thanks regards Chris
by the way I looked up all the sites ip example facebook from dnslookup whois and pin the site so all are saved in a alias I created -
Many popular HTTPS sites, like Facebook, have tens of thousands of IP addresses that are potentially changing. What IP you see is probably not the same IP someone else will see. When I ping Google, I get a different IP than if my wife pings Google.
-
Many popular HTTPS sites, like Facebook, have tens of thousands of IP addresses that are potentially changing. What IP you see is probably not the same IP someone else will see. When I ping Google, I get a different IP than if my wife pings Google.
Thank you for your answer that makes a lot of sense. So I do not think right now there is a way to block https sites? I have set pfsense for a sunday church school and they wanted to block facebook and youtube just at surtin days and times not the hole time, I was going to use open dns but that will block all the days and time
-
Yuu will need to use a helper such as squid/squidGuard, or pgBlockerNG to handle that. Just trying to block based on manually entering IP addresses can be an exercise in futility.
-
@KOM:
Yuu will need to use a helper such as squid/squidGuard, or pgBlockerNG to handle that. Just trying to block based on manually entering IP addresses can be an exercise in futility.
Hi thank you for your help I have squid3 and squidguard in transparent mode but they do not block https just http, do you maybe have some steps on how to do so with squid or pfblocker? thank you again
-
Don't run squid in transparent mode. Run it in explicit mode, block off TCP 80/443 and force everyone through the proxy. Then you can filter HTTPS. Search the forums for more details about pfBlockerNG as I don't use that and can't help you with it. The Cache/Proxy forum is the best place for squid questions, and the IDS/IPS forum for pfBlockerNG.
-
Hi thank you again for all your replies you are a real great help on these forums, just last question if I run squid in explised mode how will I force devices to go threw the proxy? people here bring there pwn devices so I cant modify there browsers
-
Well, you can try WPAD, or just tell them the proxy address & port and make them use it or else they have no Internet access.
