pfSense Gold Subscription

Author Topic: https://www.facebook .com is working even i blocked facebook by proxy filtering  (Read 17800 times)

0 Members and 1 Guest are viewing this topic.

Offline aby

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
https://www.facebook .com is working even i blocked facebook by proxy filtering.what should i do to block this??/

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Put the IP ranges of Facebook e.g.

66.220.144.0/21   Facebook, Inc.
66.220.152.0/21   Facebook, Inc.
69.63.176.0/21   Facebook, Inc.
69.63.184.0/21   Facebook, Inc.
69.171.224.0/20   Facebook, Inc.
69.171.239.0/24   Facebook, Inc.
69.171.240.0/20   Facebook, Inc.

in a pfsense Alias e.g. FBNets, and then add a firewall rule to block traffic to FBNets for ports 80 & 443.

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Are you forcing people to use the proxy? How have you blocked Facebook?
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Metu69salemi

  • Hero Member
  • *****
  • Posts: 1564
  • Karma: +0/-0
    • View Profile
You can't proxy https trafic so you have to use aliases as dhatz sayed

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
You can proxy HTTPS traffic (using the CONNECT method), but the proxy only gets to know the hostname being connected to. This means that, if correctly configured, you can block HTTPS traffic.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Metu69salemi

  • Hero Member
  • *****
  • Posts: 1564
  • Karma: +0/-0
    • View Profile
You can proxy HTTPS traffic (using the CONNECT method), but the proxy only gets to know the hostname being connected to. This means that, if correctly configured, you can block HTTPS traffic.

Ok this was new to me, so i'll check this little further when i got some time

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
If you think about it, how else could you configure a proxy for use in your browser (check it's settings)?
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline aby

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
can any one tell me how to make this stuff using aliases????

Offline fluca1978

  • Full Member
  • ***
  • Posts: 137
  • Karma: +0/-0
    • View Profile
Doing aliases you have to create a new alias, of type net, add all the hosts and their ips and then place a rule in the LAN to block traffic to that alias.
This is useful also to avoid people being blocked from the proxy but being able to use the chat or other applications.