Re: [squid-users] https facebook dstdomain acl doesn't work

From: Muhammad Yousuf Khan <sirtcp_at_gmail.com>
Date: Tue, 28 Feb 2012 01:24:28 +0500

Thank you very much for your help. I also thought of the same, but it
doesn't help me, because I would like to block this in a certain time window,
e.g. it will be allowed only in lunch hours or after COB, so this might
not work. Any suggestions for this scenario?

Thanks,

On Mon, Feb 27, 2012 at 8:45 PM, Naira Kaieski <naira_at_faccat.br> wrote:
> Hi,
>
> I can block https access on firewall. Try it:
>
> IPTABLES=`which iptables`
>
> $IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook
>
> or
>
> $IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp --dport 443 -j DROP # facebook
>
> The rules above will block all traffic for the defined networks.
> Squid does not filter HTTPS traffic directly like HTTP. I think that you
> are using a transparent proxy in your LAN.
>
> Naira Kaieski
> Linux Professional Institute - LPI 101
>
>
> On 27/2/2012 12:28, Muhammad Yousuf Khan wrote:
>
>> acl testdomain dstdomain  .facebook.com
>> http_access deny testdomain
>>
>> Above is my ACL. However, HTTP works fine, it is blocked; now when I go to
>> HTTPS Facebook it just allows it.
>> How can I stop this? Kindly help.
>>
>> Thank you.
>>
>> MYK
Received on Mon Feb 27 2012 - 20:24:35 MST
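
An added example, not part of the original thread: one way to limit the thread's `testdomain` ACL to a time window with Squid's `time` ACL type. It assumes browsers are explicitly configured to use the proxy, so HTTPS requests reach Squid as CONNECT requests carrying the hostname; the ACL names `lunch` and `after_cob` and the hours are constructed for illustration.

```conf
# squid.conf fragment (added example; ACL names and hours are assumptions)

# Destination domain from the original post; the leading dot also
# matches subdomains such as www.facebook.com.
acl testdomain dstdomain .facebook.com

# Time ACLs, evaluated in the local time of the Squid host.
# Day codes: M T W H F = Monday, Tuesday, Wednesday, Thursday, Friday.
acl lunch     time MTWHF 12:00-13:00
acl after_cob time MTWHF 18:00-23:59

# ACLs on one http_access line are ANDed, so this line reads:
#   testdomain AND NOT lunch AND NOT after_cob  ->  deny
# The domain is therefore reachable only inside the two windows
# (and, with these day codes, not at all on Saturday or Sunday).
# With an explicitly configured proxy the same line also matches
# "CONNECT www.facebook.com:443", which is how HTTPS arrives.
http_access deny testdomain !lunch !after_cob

# Existing allow rules (for example "http_access allow localnet")
# go below this point: http_access lines are checked in order and
# the first matching line decides the request.
```

In an intercepting (transparent) setup that redirects only port 80, Squid never sees the HTTPS connection, so this rule has no effect on that traffic.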
