Selected blocking of htpps port

[Guest]

[cavillarba]

Hi,

I setup my endian firewall to block https port except for yahoo mail using the its ip address, but still won't work. (see attached configuration)

Could someone help. Thanks

CESAR

[speccompsol]

You may need to add more of the Yahoo IP Addresses . . . .

Yahoo Mail Server IP Addresses
emailquestions.com/yahoo-mail/2390-yahoo-mail-server-ip-addresses.html

Full List
public.yahoo.com/~carloc/ymail.html

[cavillarba]

Hi speccompsol;

Thanks for your reply. I'm doing the other way around. Instead of disabling the https protocol, i created #2 new firewall rule to deny facebook only and blocking its IP addresses but i noticed that there are varied/dynamic facebook IP's.

The rule i created(see attached), i think it's not working since clients can still access facebook.com.

Pls. help.

CESAR

[Galas]

Apparently there is no way to succesfully block https to facebook and other urls with the content filtering in proxy settings.
If you block port 443 you can't browse using https, but that means you can't use ANY secure banking website, etc

Im on a similar path than yours, looking for efficient solution.

[rosch]

You can successfully block https websites knowing their IP addresses. There can be a lot though. They all have to be put in an outgoing firewall rule.
A nice thing here would be to redirect those accesses to a friendly error page instead of the browser trying to load the page until either the final time-out happens or the page just stays blank.

I have not been able to find a way to only block an outgoing firewall rule by a schedule..I guess that has to be done manually with iptables.