next »

[aby]

https://www.facebook .com is working even i blocked facebook by proxy filtering.what should i do to block this??/

[dhatz]

Put the IP ranges of Facebook e.g.

66.220.144.0/21   Facebook, Inc.
66.220.152.0/21   Facebook, Inc.
69.63.176.0/21   Facebook, Inc.
69.63.184.0/21   Facebook, Inc.
69.171.224.0/20   Facebook, Inc.
69.171.239.0/24   Facebook, Inc.
69.171.240.0/20   Facebook, Inc.

in a pfsense Alias e.g. FBNets, and then add a firewall rule to block traffic to FBNets for ports 80 & 443.

[Cry Havok]

Are you forcing people to use the proxy? How have you blocked Facebook?

[Metu69salemi]

You can't proxy https trafic so you have to use aliases as dhatz sayed

[Cry Havok]

You can proxy HTTPS traffic (using the CONNECT method), but the proxy only gets to know the hostname being connected to. This means that, if correctly configured, you can block HTTPS traffic.

[Metu69salemi]

You can proxy HTTPS traffic (using the CONNECT method), but the proxy only gets to know the hostname being connected to. This means that, if correctly configured, you can block HTTPS traffic.

Ok this was new to me, so i'll check this little further when i got some time

[Cry Havok]

If you think about it, how else could you configure a proxy for use in your browser (check it's settings)?

[aby]

can any one tell me how to make this stuff using aliases?

[fluca1978]

Doing aliases you have to create a new alias, of type net, add all the hosts and their ips and then place a rule in the LAN to block traffic to that alias.
This is useful also to avoid people being blocked from the proxy but being able to use the chat or other applications.