Author Topic: block traffic from specific sites.  (Read 1718 times)

Offline cylent

block traffic from specific sites.
« on: April 06, 2012, 10:06:44 am »
This may sound too easy for some, but it's not something I can figure out.

Let's say I want to block

windowsupdate.com
or download.windowsupdate.com
or phobos.apple.com

The problem is these sites don't have one IP address. Most have 10 or even more, and there's no way to figure them all out to drop traffic from one or two IPs.

I found a method to use the DNS forwarder and add a 127.0.0.1 to a domain, however...
what do you do when you have a1410.phobos.apple.com and then it changes to a736.phobos.apple.com?

Obviously here I don't want to block all apple.com.... just these update sites.

Please advise.
« Last Edit: April 06, 2012, 10:11:57 am by cylent »

Offline dhatz

Re: block traffic from specific sites.
« Reply #1 on: April 06, 2012, 10:38:38 am »
Probably the easiest way would be to create bogus wildcard DNS records.

Offline cylent

Re: block traffic from specific sites.
« Reply #2 on: April 06, 2012, 10:51:44 am »
That sounds great, but I wouldn't know how to do that.

For example, my top traffic sites according to lightsquid are:

ardownload.adobe.com    
a1410.phobos.apple.com    
au.download.windowsupdate.com
swcdn.apple.com    
a474.phobos.apple.com
wl.dlservice.microsoft.com

As you can see from above, phobos.apple.com has two links above, and more and more.


My users are literally ignorant. They don't know even basic computer knowledge. And because I set speed limits for their internet access, they will complain their connection is slow. Little do they know that their computer is running an update in the background, sucking the speed that's allowed to them.


Offline M.I.Bovrd

Re: block traffic from specific sites.
« Reply #3 on: April 06, 2012, 01:14:34 pm »
Services -> Proxy Server -> Access Control tab -> Blacklist Box


(^|\.)windowsupdate\.com$
(^|\.)download\.windowsupdate\.com$
(^|\.)phobos\.apple\.com$

Tweet: MIBovrd@cqrite http://www.cqrite.com

Offline cylent

Re: block traffic from specific sites.
« Reply #4 on: April 06, 2012, 10:56:05 pm »
Thank you.

Can you please tell me how to enter these characters so I can make my own syntax?

Also,

is there a file squid uses to show the blocked sites in a log?

Offline M.I.Bovrd

Re: block traffic from specific sites.
« Reply #5 on: April 07, 2012, 10:22:33 am »
Sorry, not sure what you mean? Type them, as you see them in the Blacklist Box.

Select - Services -> Proxy Server -> Access Control tab -> Blacklist Box

Here is another couple you might want to try from your list.

(^|\.)dlservice\.microsoft\.com$
(^|\.)swcdn\.apple\.com$
(^|\.)ardownload\.adobe\.com$

The characters are regular expressions: the backslash is a delimiter for the '.' because it is a reserved character.
The '^' matches anything in front of the line with a '.'
The '$' matches anything after.
In syslog?

Tweet: MIBovrd@cqrite http://www.cqrite.com
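
An added example, not part of any post in this thread: a small Python check of what the blacklist entries posted above do and do not match, so new entries can be tried before they go into the Blacklist box. It assumes the proxy searches each pattern in the destination hostname case-insensitively; `first_match`, `redundant` and the extra hostnames are constructed for illustration.

```python
import re

PREFIX = r"(^|\.)"  # "start of hostname, or a literal dot"

# Blacklist entries exactly as posted in the thread.
BLACKLIST = [
    r"(^|\.)windowsupdate\.com$",
    r"(^|\.)download\.windowsupdate\.com$",
    r"(^|\.)phobos\.apple\.com$",
    r"(^|\.)dlservice\.microsoft\.com$",
    r"(^|\.)swcdn\.apple\.com$",
    r"(^|\.)ardownload\.adobe\.com$",
]

def first_match(host, patterns=BLACKLIST):
    """Return the first pattern that matches host, or None if it is allowed.

    Assumption: each pattern is searched anywhere in the hostname, ignoring
    case; re.search with IGNORECASE models that here.
    """
    for pat in patterns:
        if re.search(pat, host, re.IGNORECASE):
            return pat
    return None

def redundant(patterns=BLACKLIST):
    """Entries whose own domain is already caught by another entry."""
    out = []
    for pat in patterns:
        # Recover the literal domain: drop the anchors, unescape the dots.
        domain = pat[len(PREFIX):-1].replace("\\.", ".")
        if first_match(domain, [p for p in patterns if p != pat]):
            out.append(pat)
    return out

# Hostnames from the thread, plus constructed look-alikes that must stay allowed.
HOSTS = [
    "a1410.phobos.apple.com", "a736.phobos.apple.com",
    "au.download.windowsupdate.com", "wl.dlservice.microsoft.com",
    "www.apple.com",                  # other Apple hosts stay reachable
    "notwindowsupdate.com",           # no dot before the name: not blocked
    "windowsupdate.com.example.net",  # '$' anchors the end: not blocked
]

if __name__ == "__main__":
    for h in HOSTS:
        print(f"{h:32} {first_match(h) or 'allowed'}")
    print("redundant entries:", redundant())
```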

Offline cylent

Re: block traffic from specific sites.
« Reply #6 on: April 07, 2012, 12:44:15 pm »
Ya, what I mean is: how do you know the characters?

Offline M.I.Bovrd

Re: block traffic from specific sites.
« Reply #7 on: April 07, 2012, 10:15:58 pm »
As I said, they are 'regular expressions' used in Unix and other OS's. Many OS's use a subset of the main expressions. A Google search for them will reveal many examples.


Tweet: MIBovrd@cqrite http://www.cqrite.com