Blocking Https..Help !

Discussion in 'Computing and Networks' started by YazanJuve, Feb 16, 2011.

  1. YazanJuve

    Thread Starter New Member

    Dec 13, 2009
    28
    0
    Hello Everybody :)

    Well I am lost and I need some help here...

    In my company we need to block https sites such as Facebook and YouTube but our firewall doesn't seem to do that. It only blocks http sites.

    I don't want to use OpenDNS and I am seeking better solutions.

    Please help :confused:
     
  2. nerdegutta

    Moderator

    Dec 15, 2009
    2,515
    784
    What kind of hardware and software do you have?

    Is it possible to block the domain name, and not the protocol type?
     
  3. YazanJuve

    Thread Starter New Member

    Dec 13, 2009
    28
    0
    We have IPCop firewall...

    And I blocked the facebook.com and youtube.com domains, but still no luck :(
     
  4. nerdegutta

    Moderator

    Dec 15, 2009
    2,515
    784
    In IPCop:

    Service -> proxy->Check URL filter enabled.

    Save

    Service -> URL Filter -> in the Custom blacklist write

    youtube.com
    facebook.com

    Further down the page:

    Block page settings:

    Redirect to this url: <insert url to be redirected to here...>


    Save and restart.

     
    Last edited: Feb 16, 2011
  5. AlexR

    Well-Known Member

    Jan 16, 2008
    735
    54
    The simple solution would seem to be block all traffic to and from tcp port 443 which is the usual https port.
     
  6. YazanJuve

    Thread Starter New Member

    Dec 13, 2009
    28
    0
    Ok, well I have proxy enabled in IPCop and I have URLfilter enabled also...

    If I use the normal blacklist it won't block https, and I also can't block the https port since we have some sites that use the https protocol.

    Any ideas about DNS level blocking? The DNS records are from the ISP.

    Another issue...When I enable the proxy, the internet connection goes down.

    Even though IPCop shows that it's connected, I can't access sites... Would clearing the cache fix this?

    Thanks,
     
  7. dlaw

    New Member

    Oct 29, 2015
    2
    0
  8. joeyd999

    AAC Fanatic!

    Jun 6, 2011
    2,673
    2,712
    If you block all http and https traffic, how is this so different than just pulling the plug?
     
  9. dlaw

    New Member

    Oct 29, 2015
    2
    0
    Joey, the intent was to be able to only allow a select set of websites to be used. In my case, it was for a work computer, and we didn't want people reading the gmail, posting on facebook, and watching porn.

    The only way the URL filter can block select domains (or allow select domains) is if you force all the HTTPS traffic through the web proxy.

    Don
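
Added example, not part of the thread: once browsers are pointed at the proxy, each HTTPS connection begins with a `CONNECT host:port` request, so the hostname is the only thing a URL filter can match on. The sketch below parses that request line and applies a domain blacklist on label boundaries; the function names, `BLACKLIST` and the sample request lines are constructed for illustration and are not IPCop's own code.

```python
from urllib.parse import urlsplit

# Constructed blacklist for illustration (same two domains as in the thread).
BLACKLIST = {"facebook.com", "youtube.com"}


def parse_request_target(request_line):
    """Return (method, host, port) from the first line of a proxy request."""
    method, target, _version = request_line.strip().split(" ", 2)
    if method.upper() == "CONNECT":
        # HTTPS via an explicit proxy: the target is "host:port" only.
        # The path and everything after the TLS handshake stay hidden.
        host, _, port = target.rpartition(":")
        return "CONNECT", host.lower(), int(port)
    # Plain HTTP via a proxy: the target is an absolute URL.
    parts = urlsplit(target)
    return method.upper(), (parts.hostname or "").lower(), parts.port or 80


def is_blacklisted(host, blacklist=BLACKLIST):
    """Match the host or any parent domain, on whole DNS labels only."""
    labels = host.rstrip(".").split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def decide(request_line):
    """Return 'DENY' or 'ALLOW' for one request line seen by the proxy."""
    _method, host, _port = parse_request_target(request_line)
    return "DENY" if is_blacklisted(host) else "ALLOW"


if __name__ == "__main__":
    # Constructed sample request lines.
    samples = [
        "CONNECT www.facebook.com:443 HTTP/1.1",      # subdomain of a listed domain
        "CONNECT notfacebook.com:443 HTTP/1.1",       # similar name, different domain
        "GET http://youtube.com/watch?v=x HTTP/1.1",  # plain HTTP, full URL visible
        "CONNECT bank.example:443 HTTP/1.1",          # permitted HTTPS site
    ]
    for line in samples:
        print(decide(line), line)
```

Matching on whole labels is what lets a single `facebook.com` entry cover `www.facebook.com` and `login.facebook.com` without also catching unrelated names that merely end in the same characters.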
     
  10. tom_s

    Member

    Jun 27, 2014
    285
    333
    modify hosts file on each ms pc (example - facebook ipv4)

    127.0.0.1 facebook.com
    127.0.0.1 www.facebook.com
    127.0.0.1 login.facebook.com
    127.0.0.1 www.login.facebook.com
    127.0.0.1 fbcdn.net
    127.0.0.1 www.fbcdn.net
    127.0.0.1 fbcdn.com
    127.0.0.1 www.fbcdn.com
    127.0.0.1 static.ak.fbcdn.net
    127.0.0.1 static.ak.connect.facebook.com
    127.0.0.1 connect.facebook.net
    127.0.0.1 www.connect.facebook.net
    127.0.0.1 apps.facebook.com

    gmail.. well that would just be silly.

    who checks their gmail while working (or driving)?
     
  11. joeyd999

    AAC Fanatic!

    Jun 6, 2011
    2,673
    2,712
    So, what's the point of going to work, then?

    Edit: I just realized this thread was started in 2011. Ooops.
     
  12. tom_s

    Member

    Jun 27, 2014
    285
    333
    missed that :/
     
  13. Papabravo

    Expert

    Feb 24, 2006
    10,135
    1,786
    A company that can't trust its employees and treat them like adults is on the fast track to economic annihilation. How 20th Century of you. Good riddance to all corporate tinpot dictators. Oh, and lest I forget, a pox on your enablers!
     
  14. tom_s

    Member

    Jun 27, 2014
    285
    333
    [grin] I have to disagree with that, pops.

    what they do on their own devices, doesn't matter.

    but not on company devices
     
  15. Papabravo

    Expert

    Feb 24, 2006
    10,135
    1,786
    I'm here to testify, brother, that ignoring all that "I am in control" BS makes for happy, healthy, productive, and motivated employees. When you're the boss you get to decide policy. You decide it your way and I'll decide it mine. The only way to keep score is to see which company is flourishing and which one is on the ropes or in bankruptcy.
     