pfSense Support Subscription

Author Topic: How to block https://facebook.com  (Read 24039 times)

0 Members and 1 Guest are viewing this topic.

Offline plankton

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
How to block https://facebook.com
« on: February 15, 2012, 06:04:00 am »
 Hello

I was wondering if anyone have figured out a way to block https://facebook.com?

I have managed to block http://facebook.com, using Proxy server - access control...
but it's just not worth blocking if they can just type in a "s" after "http"...

Thanks in advance!
-Andrew

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #1 on: February 15, 2012, 06:16:48 am »
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.

Offline plankton

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #2 on: February 15, 2012, 06:41:23 am »
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.

Is there any easier way? If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #3 on: February 15, 2012, 06:52:44 am »
Is there any easier way?
No. Transparent proxy can't intercept https communications.

If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc.

pac does not slow down logon time.

Folow this tutorial skiping Active directory configuration, do only dns + dhcp

http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html


Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2793
  • Karma: +1/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: How to block https://facebook.com
« Reply #4 on: February 15, 2012, 06:55:36 am »
Moving from transparent proxy to an auto-detect won't slow things down.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline spillek

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #5 on: February 17, 2012, 11:03:01 am »
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.

where is the options ?
tks!

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2793
  • Karma: +1/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: How to block https://facebook.com
« Reply #6 on: February 17, 2012, 11:34:43 am »
You need to configure it both in the proxy (remove the transparent option) and in the browser's own proxy settings (and optionally in DNS). You'll also need to have a web server host the WPAD file - Wikipedia has more.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #7 on: February 17, 2012, 12:55:41 pm »
If you are using transparent proxy, you can only filter http port. Move to automatic proxy detect/configuration(WPAD/PAC) to get it working.

Is there any easier way? If this is done, the students computers will use much more time to log-on,
and don't really want to start with upstream proxy etc.

The easiest way (which would also work with the base pfsense install, i.e. no 3rd party packages like squid) would be to define an alias with Facebook's IP ranges in CIDR format (easily found online, or you can create the list yourself using whois etc), and create a block rule for that.

Another easy way would be to "blackhole" facebook.com using pfsense's DNS forwarder to create a DNS override to some "other" IP (this only works as long as people can't manually configure their devices to use a 3rd party DNS - so you may have to block 3rd party DNS servers)

Finally you can do "generic" URL filtering e.g. with squid/squidguard but to catch https would require you to configure them via WPAD/PAC to use your proxy, as explained by others.
« Last Edit: February 17, 2012, 12:58:28 pm by dhatz »

Offline spillek

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #8 on: February 20, 2012, 07:18:31 am »
The easiest way (which would also work with the base pfsense install, i.e. no 3rd party packages like squid) would be to define an alias with Facebook's IP ranges in CIDR format (easily found online, or you can create the list yourself using whois etc), and create a block rule for that.
I already try with below IP, but floating o lan rule don't work !
« Last Edit: June 05, 2013, 09:07:29 pm by cmb »

Offline spillek

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #9 on: February 23, 2012, 12:57:09 am »
no idea?

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #10 on: February 23, 2012, 07:24:29 am »
A single rule on lan denying access to your alias should work.

Also include apps.facebook.com name on your alias.

To use wpad/pac, follow this tutorial skiping active directory configuration

http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html

Offline alpharomeo33

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #11 on: March 05, 2012, 11:27:05 pm »
I'm using the recent version 2.0.1

how do i block facebook in that version?

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #12 on: March 06, 2012, 12:29:57 am »
Create a firewall alias with facebook hostnames and/or ip ranges and then apply it on a firewall -> rule on lan interface.

Offline tattoomees

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #13 on: March 06, 2012, 03:53:59 am »
here is screenshot of by Fbook aliases works fine
and rule on LAN
« Last Edit: March 06, 2012, 03:56:32 am by tattoomees »

Offline TyperX

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: How to block https://facebook.com
« Reply #14 on: March 11, 2012, 10:40:19 pm »
Hai all, blocking https://www.facebook.com is working for me, but how to block only http://apps.facebook.com & https://apps.facebook.com without blocking normal facebook.com ? :)