Thursday, May 24, 2012

IPCop :: block facebook https - alternative

from http://gateway.hacker.my/2011/02/blocking-https-facebook-using-ipcop/
As we know, Squid’s transparent proxy cannot filter https traffic, but we can block that traffic using iptables. Here is how to block Facebook https traffic using IPCop version 1.9.x.

The easiest way to block Facebook’s https traffic is to block its IP ranges. Because Facebook has a lot of public IP addresses, you don’t have to find each specific IP to block it.

– SNIP

1. From the IPcop gui-menu, go to Firewall –> Addresses

2. Enter a Name, Address format (make sure you choose IP here), Address and Netmask.

3. Here is the tricky part. For the Address and Netmask, enter these IP addresses:
 
69.63.176.0/255.255.240.0
66.220.144.0/255.255.240.0
204.15.20.0/255.255.240.0

4. From the whois information, you can see that at least this range belongs to Facebook.com:
 
bsd@genetics:~$ whois 204.15.20.0
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 204.15.20.0"
#
# Use "?" to get help.
#
 
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=204.15.20.0?showDetails=true&showARIN=false
#
 
NetRange:       204.15.20.0 - 204.15.23.255
CIDR:           204.15.20.0/22
OriginAS:       AS32934
NetName:        TFBNET1
NetHandle:      NET-204-15-20-0-1
Parent:         NET-204-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS5.FACEBOOK.COM
NameServer:     NS4.FACEBOOK.COM
NameServer:     NS3.FACEBOOK.COM
Comment:        Contact abuse@facebook.com with issues.
RegDate:        2005-08-08
Updated:        2010-07-08
Ref:            http://whois.arin.net/rest/net/NET-204-15-20-0-1
 
OrgName:        Facebook, Inc.
OrgId:          THEFA-3
Address:        1601 S. California Ave
City:           Palo Alto
StateProv:      CA
PostalCode:     94304
Country:        US
RegDate:        2004-08-11
Updated:        2010-04-09
Ref:            http://whois.arin.net/rest/org/THEFA-3
 
OrgTechHandle: OPERA82-ARIN
OrgTechName:   Operations
OrgTechPhone:  +1-650-543-4800
OrgTechEmail:  domain@facebook.com
OrgTechRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
RTechHandle: OPERA82-ARIN
RTechName:   Operations
RTechPhone:  +1-650-543-4800
RTechEmail:  domain@facebook.com
RTechRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
RAbuseHandle: OPERA82-ARIN
RAbuseName:   Operations
RAbusePhone:  +1-650-543-4800
RAbuseEmail:  domain@facebook.com
RAbuseRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
RNOCHandle: OPERA82-ARIN
RNOCName:   Operations
RNOCPhone:  +1-650-543-4800
RNOCEmail:  domain@facebook.com
RNOCRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
 
bsd@genetics:~$

5. Then proceed to Firewall –> Address Groups, create a new Address Group Name (e.g. Facebook), then select the Custom Addresses to put inside that group.

6. Next, proceed to Firewall Rules –> Outgoing Traffic, then configure your firewall as below:
 
Default networks = Green Networks
Destination --> Address Groups --> Facebook
Tick Use Service --> Default Services --> https (443)
Additional --> Tick Rule enabled, Rule Action --> Drop, Remark --> Facebook https blocked
Click Save

7. Make sure these rules stay above any other rules.

8. After this, point your browser at https://www.facebook.com. If everything is configured correctly, https Facebook should fail to open and you should get a timeout message.
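Before the entries from step 3 go into an address group, it is worth checking what each Address/Netmask pair actually matches and how that compares with the whois CIDR from step 4. The script below is an added example, not part of the original post; the function name `audit` is hypothetical, and it assumes the firewall applies the netmask to the address the way iptables does.

```python
import ipaddress

# Address/Netmask pairs from step 3 of the post.
ENTRIES = [
    "69.63.176.0/255.255.240.0",
    "66.220.144.0/255.255.240.0",
    "204.15.20.0/255.255.240.0",
]
# CIDR shown in the whois output of step 4 (the only range the post verifies).
WHOIS_CIDR = {"204.15.20.0/255.255.240.0": "204.15.20.0/22"}


def audit(entry, registered=None):
    """Report what an Address/Netmask pair matches once the mask is applied."""
    addr = ipaddress.ip_address(entry.split("/")[0])
    # Assumption: host bits are masked off, as iptables does with addr/mask.
    net = ipaddress.ip_network(entry, strict=False)
    report = {
        "entry": entry,
        "effective": str(net),
        "aligned": addr == net.network_address,
        "first": str(net[0]),
        "last": str(net[-1]),
        "outside_registered": [],
    }
    if registered:
        reg = ipaddress.ip_network(registered)
        if reg.subnet_of(net):
            # Blocks covered by the rule but not by the whois CIDR.
            extra = sorted(net.address_exclude(reg))
            report["outside_registered"] = [str(n) for n in extra]
    return report


if __name__ == "__main__":
    for e in ENTRIES:
        r = audit(e, WHOIS_CIDR.get(e))
        print(f"{r['entry']:28} -> {r['effective']:18} {r['first']} - {r['last']}")
        if not r["aligned"]:
            print("  address is not on the mask boundary; rule widens to", r["effective"])
        for n in r["outside_registered"]:
            print("  matched but outside the whois CIDR:", n)
```

For the third entry the rule covers 204.15.16.0 - 204.15.31.255, while the whois output in step 4 lists only 204.15.20.0/22. Entering that range as 204.15.20.0 with netmask 255.255.252.0 would match exactly what whois reports.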

1 comment:

Harry Opine said...

Hello, good write up.

We are responsible for a fairly large organization, and had to implement our own in-house web filtering solution, using open source content filter applications or hardware solutions. We decided that using ipcop to redirect to squid with blacklists from http://www.squidblacklist.org was the best value and most effective solution at the price point we needed. We found that the free blacklists available were really a poor choice.

Anyway, hopefully someone finds the experience useful.