On 21/08/2013 11:58 p.m., Alfredo Rezinovsky wrote:
> On 20/08/13 21:21, junio wrote:
>> I'm okay to block facebook in the company I work for, I can not
>> redirect port
>> 443 successfully.
>>
> If you cannot redirect 443 port you should block facebook in a lower
> layer, not squid.
>
> You can poison your DNS so it doesn't answer facebook.com and fbcdn.net
> queries. This will work only if all your clients are using your DNS.
> You can redirect all the tcp/udp port 53 traffic to your own DNS to
> ensure this.
>
> Another way is to block the traffic in the IP layer.
>
> with:
>
> whois -h whois.radb.net '!gAS32934'
>
> You can have an updated list of facebook IPs.

Thinking of which, there is the dst_as ACL type in Squid to block based
on the ASN number. It also requires a whois server configured in the
as_whois_server directive.

PS. I'm not sure how well it works since IPv6 support was added.
Feedback welcome.

Amos
Received on Fri Aug 23 2013 - 10:29:14 MDT
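
An added example, not part of the original thread or of Squid: a parser that turns the reply to the `whois -h whois.radb.net '!gAS32934'` query quoted above into a validated, merged prefix list before it is fed to an IP-layer block rule. The reply framing and the IPv4-only behaviour of `!g` are assumptions based on the IRRd query protocol; `parse_irrd_prefixes` and the sample reply are constructed here.

```python
import ipaddress

# Constructed sample of an IRRd "!gAS<n>" reply; the prefixes are
# documentation ranges (RFC 5737), not real Facebook routes.
SAMPLE_REPLY = (
    "A62\n"
    "192.0.2.0/24 198.51.100.0/25 198.51.100.128/25 203.0.113.0/24\n"
    "C\n"
)


def parse_irrd_prefixes(reply: str) -> list:
    """Return the validated, collapsed IPv4 prefixes from a "!g" reply.

    Assumed reply framing (IRRd protocol): an "A<length>" header, a line of
    space-separated prefixes, then "C". "C" alone means success with no
    data, "D" means the key was not found, "F <text>" is an error.
    """
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    status = lines[0]
    if status in ("C", "D"):
        return []
    if status.startswith("F"):
        raise ValueError("whois server error: " + status[1:].strip())
    if not (status.startswith("A") and status[1:].isdigit()):
        raise ValueError("unexpected reply header: " + status)
    if lines[-1] != "C":
        raise ValueError("truncated reply, refusing a partial list")

    nets = []
    for token in " ".join(lines[1:-1]).split():
        # strict=True rejects entries with host bits set (e.g. 10.0.0.1/8)
        net = ipaddress.ip_network(token, strict=True)
        if net.version != 4:
            raise ValueError("!g is expected to return IPv4 only: " + token)
        if net.prefixlen < 8:
            # Guard: never turn a bogus route object into a huge block rule
            raise ValueError("refusing overly broad prefix: " + token)
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    for net in parse_irrd_prefixes(SAMPLE_REPLY):
        print(net)
```

Failing closed on a truncated or malformed reply keeps a half-fetched list from silently replacing a complete one when the rule set is regenerated on a schedule.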