Blocking Https..Help !

Thread Starter

YazanJuve

Joined Dec 13, 2009
25
Hello Everybody :)

Well I am lost and I need some help here...

In my company we need to block https sites such as Facebook and YouTube but our firewall doesn't seem to do that. It only blocks http sites.

I don't want to use OpenDNS and I am seeking better solutions.

Please help :confused:
 

nerdegutta

Joined Dec 15, 2009
2,684
In IPCop:

Service -> proxy->Check URL filter enabled.

Save

Service -> URL Filter -> in the Custom blacklist write

youtube.com
facebook.com

Further down the page:

Block page settings:

Redirect to this url: <insert url to be redirected to here...>


Save and restart.

 
Last edited:

AlexR

Joined Jan 16, 2008
732
The simple solution would seem to be block all traffic to and from tcp port 443 which is the usual https port.
 

Thread Starter

YazanJuve

Joined Dec 13, 2009
25
Ok, well I have proxy enabled in IPCop and I have URLfilter enabled also...

If I used normal blacklist it won't block https and also I can't block https port since we have some sites that use https protocol.

Any ideas about DNS level blocking? The DNS records are from the ISP.

Another issue...When I enable the proxy, the internet connection goes down.

even though IPCop shows that it's connected but can't access sites...would clear cache fix this?

Thanks,
 

dlaw

Joined Oct 29, 2015
0
Joey, the intent was to be able to only allow a select set of websites to be used. In my case, it was for a work computer, and we didn't want people reading the gmail, posting on facebook, and watching porn.

The only way the URL filter can block select domains (or allow select domains) is if you force all the HTTPS traffic through the web proxy.

Don
 

tom_s

Joined Jun 27, 2014
288
modify hosts file on each ms pc (example - facebook ipv4)

127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

gmail.. well that would just be silly.

who checks their gmail while working (or driving)?
 

Papabravo

Joined Feb 24, 2006
19,617
A company that can't trust it's employees and treat them like adults is on the fast track to economic annihilation. How 20th Century of you. Good riddance to all corporate tinpot dictators. Oh, and lest I forget, a pox on your enablers!
 

tom_s

Joined Jun 27, 2014
288
[grin] i have to disagree what that pop's.

what they do on their own devices, doesn't matter.

but not on company devices
 

Papabravo

Joined Feb 24, 2006
19,617
I'm here to testify, brother, that ignoring all that "I am in control" BS makes for happy, healthy, productive, and motivated employees. When you're the boss you get to decide policy. You decide it your way and I'll decide it mine. The only way to keep score is to see which company is flourishing and which one is on the ropes or in bankruptcy.
 
Top