Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 22 November 2024, 01:27:58 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6516 Members
Latest Member: DaveH
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  https://facebook.com not blocked by proxy
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] 2 3 Go Down Print
Author Topic: https://facebook.com not blocked by proxy  (Read 333485 times)
djtzar
Jr. Member
*
Offline Offline

Posts: 4


« on: Friday 27 February 2009, 10:39:02 pm »

I block facebook.com , but it seems there is a workaround where users change to https://facebook.com and then can access. It blocks again on the http://facebook.com/home.php? but then they just change it to https and it works! Is there some way to block the whole range of IPs for facebook? I've tried with the Block List on the Content Filter but doesn't seem to be able to block https traffic.

Any suggestions?
Logged
gyp_the_cat
Full Member
***
Offline Offline

Posts: 81



WWW
« Reply #1 on: Saturday 28 February 2009, 02:44:27 am »

I'm not sure why this isn't working for you to be honest, we have
Quote from: /etc/dansguardian/blacklists/socialnetworking/domains
facebook.com
and it works fine.

You could always update your /etc/hosts to the following I guess if that still doesn't work:
Quote from: /etc/hosts
127.0.0.1     www.facebook.com
127.0.0.1     facebook.com
Logged
djtzar
Jr. Member
*
Offline Offline

Posts: 4


« Reply #2 on: Tuesday 03 March 2009, 02:54:34 am »

I guess I didn't explain myself correctly , facebook.com get's blocked fine , it's the secure https that's posing the problem.

Logged
martec
Full Member
***
Offline Offline

Posts: 34


« Reply #3 on: Wednesday 04 March 2009, 01:48:08 am »

Hi,

after read your post i try... it's true! No block httpS traffic...(all traffic in https bypass the content filter ?!?!?)...

I add facebook.com in blacklist: if in adress browser i write http://facebook.com, or http://www.facebook.com the endian BLOCK that, but if write https://facebook.com ... the browser open the site...

This is a BIG problem!!! The workaround it's ok if nobody must have access on the site, but if someone need the access???
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #4 on: Wednesday 25 March 2009, 05:50:24 am »

it works fine for myself. What are your Allowed SSL ports? Are the clients in a bypass list?
Logged
djtzar
Jr. Member
*
Offline Offline

Posts: 4


« Reply #5 on: Friday 27 March 2009, 09:19:59 pm »

No clients are not in the bypass list , here are my allowed ports :

443 # https
563 # snews
3001 # ntop

Problem is I do need https access for certain sites. I've also added the whole IP block for facebook yet still https traffic get's passed.
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #6 on: Saturday 28 March 2009, 07:34:53 am »

And you are placing just "facebook.com"  into the  Block the following sites on the content filtering page. Each entry on its own line with no comment (#) lines infront of the address?
Logged
martec
Full Member
***
Offline Offline

Posts: 34


« Reply #7 on: Monday 30 March 2009, 08:56:36 pm »

facebook.com it's in block list (tab proxy - content filer) without # at front...

The SSL port configure are (tab Proxy, Configuration, line "Allowed Ports and SSL Ports") :
443 # https
563 # snews
3001 # ntop

https://facebook.com it's NOT blocked...

Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #8 on: Tuesday 31 March 2009, 08:21:09 am »

What version of endian do you run?
Have you made any manual changes to squid.conf?
Are you blocking port 443 on the firewall? And setting the clients to use proxy port 8080 for its SSL proxy?
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #9 on: Wednesday 29 April 2009, 12:16:37 am »

I tired this also and the https site let me in.  However, everytime I tried to do something it seemed that the web site kept reverting back to http: 

If I place a S in there and make it https: then the page loads, but I have to do it almost every page change.  It might be enought to be a pain in the arse and defer users from going to that site.
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #10 on: Tuesday 05 May 2009, 04:30:47 am »

Apparently this does not apply to just facebook but I tried http://www.plentyoffish.com and it was blocked by my blocked sites list in the content filter but again when using HTTPS it allows the site to load.  My guess is that this is becuase port 443 is allowed in PROXY > HTTP > CONFIGURATION > ALLOWED PORTS AND SSL PORTS the web page is bypassing the content filter. 

Question is now, how to block the https sites that are listed in the content filter but allow all others to pass?
Logged
MAllam
Full Member
***
Offline Offline

Posts: 15


« Reply #11 on: Thursday 28 May 2009, 02:24:16 am »

Hi,

Can I just say we are suffering from this too, whatever address we block can simply be overcome by typing in https://blockedomain.com instead ... really annoying!
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #12 on: Thursday 28 May 2009, 03:27:25 am »

Ok. So,  were are experiencing problems with Endian so I put our old Netgear firewall back in play.  It has site blocking by keyword.  If I block facebook I cannot go to http://www.facebook.com but I can still go to https://www.facebook.com.  &%$*#^&* UGHHHHH.  So...... my deduction is that this is not and Endian specific issue but more of a HTTPS (port 443) issue.
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #13 on: Friday 05 June 2009, 02:52:35 am »

Hmm. I suspect that port 443 is open on your firewalls, thus bypassing your proxies. Endian ships with a rule to allow the green interface out by default. Make sure this is shut off(number 2 on mine). Firewall -> Outgoing traffic. there should not be a check mark in the box on the right. or change the rule to deny.
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #14 on: Friday 05 June 2009, 04:26:46 am »

 mpeterson,  that doesn't make sense.  port 443 is tied to the https protocol just like port 80 is tied to http. Using your methodology then if I wanted to block http://www.facebook.com then I should disable port 80.  Then all web sites would be blocked.  Your suggestion is unacceptable.  http://www.facebook.com is blocked using the content filter with port 80 enabled. There are many legit sites where one would have to use HTTPS (port 443), banking for example.  This question is how to force Endian to filter HTTPS (port 443) traffic content.
Logged
Pages: [1] 2 3 Go Up Print 
« previous next »
Jump to:  

Page created in 0.141 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com