There are so many questions on how to block https facebook.com in the internet, yet there is no easy answer for it. Facebook and other social networking are blocked in school and other other establishment for the reason that it affects the learning process of students and productivity of employees.
In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https facebook in firewall rules.
In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https facebook in firewall rules.
How to Block https www.facebook.com
To do this of course we need to a pfsense firewall in our network. We need to download the pfsense installer from this link. You need also to install the squid proxy server to block some of the restricted websites. Here is how to install and configure Squid as a transparent proxy on pfSense.
Assuming that you already have pfSense setup. The next thing that we’re going to make is an alias. Select ‘Aliases’ from the firewall menu. Hit the ‘+’ icon to make a new one. You’ll see a screen that looks like this:
Create another alias for the port. Use port 443 for https and port 80 for http websites.
We’ve created the needed aliases, so now we need to tell pfSense to do something about it. So, from the Firewall menu again, add a Rule. We need the rule to go on our LAN tab.
Set the above rules based on these criteria:
- Reject the the traffic from the LAN
- TCP connections
- source is LAN subnet
- Destination - select host or alias and put in the name of your alias.
- Set the Destination ports as other and select https
- No need for any of the advanced options
- leave the schedule as none
- leave the gateway default
- and give it a descriptive name for future reference.
- Now, Save and Apply. You’re done.
This is the easy way to block HTTPS websites including facebook.com in pfsense server. If there are better methods to block https websites, please leave a comment on this page.
UPDATE: In addition, you can use www.nwtools.com to determine the CIDR of the sites you wish to block.
UPDATE: In addition, you can use www.nwtools.com to determine the CIDR of the sites you wish to block.
but facebook's IP addresses are plenty. How do you block them all?
ReplyDeletePlease refer to this page..
ReplyDeleteThe IP addresses of Facebook
I been using these IP addresses of facebook and it's working.
hi sir how about CIDR needed in the settings?
ReplyDeleteUsing squid in non-transparent mode will block https. You need to set up pfsense as a wpad server, or alternatively set each client browser manually to access the proxy.Plenty of info on the pfsense site, not difficult to do.
ReplyDeleteIt works well. I tried it by blocking rapidshare.com. Thanks!
ReplyDeleteI used OpenDNS...
ReplyDeleteIf u have Good antivirus with parental control , then u can block https site on that particular PC. It will be the best if u have server edition.
ReplyDeleteI have Quickheal 2013 total security . it works great.
From
Nitin-India
very heplpful thanks!
ReplyDeleteSquid in non-transparent mode is the ideal way to really control things. Use firewall to:
ReplyDelete1. block all outbound DNS (port 53) unless destination is NortonDNS/OpenDNS/etc
2. block all outbound to port 80 and 443 (this forces all clients to use proxy port ie. 3128 default for squid)
3. use dhcp server to enforce static mappings (meaning you cannot hardcode a static ip if you have exclusions for the proxy)
4. alternately try ip-guard-dev to maintain an ip to mac pairing.
Its a bit of work to setup and not exactly easy to learn, but the results are you have control of your network.
Once you start using a proxy you will find certain things, like online games, are hard coded to use a specific port (like 80) and won't work with a proxy. In these cases if you want to allow this, create an alias that has the ip of the url (or the ip/cdr of the network) and allow that specific traffic to pass.
So many great options available and its free. All you need to do is spend the time to learn.
Check with your web empower network blog beast () host to see what is being said so those further from the speaker can hear.
ReplyDeleteThis is of utmost importance and bloggers need to consider one of the following,
or not quite enough food, or unplugging your fridge
and turning your hot water off. Ask a SEO consultant for further information
and assistance if you are trying to attract and that offer favorable commission terms.
i have successfully blocked https://www.facebook.com
ReplyDeletebut now how can i unblock facebook to specific users
I am using pfsense 2.0 with squid and light squid with transparent mode
Hello i have to use this way to block https it success but when client change their ip address dns to 8.8.8.8 they can open facebook vai https://www.facebook.com. please help me find this solution thank
ReplyDeleteHello! i have successfully blocked https://www.facebook.com but when client change dns ip to 8.8.8.8 or 8.8.4.4 they can open facebook again vai https, please help how to do that ?
ReplyDeleteThese all proxies site are much helpful and I have got a great link which does work fast.it is very easy to use.you can access any blocked site by using this link.
ReplyDeletetorrentHound UK proxy