https://facebook.com not blocked by proxy

[Guest]

[djtzar]

I block facebook.com , but it seems there is a workaround where users change to https://facebook.com and then can access. It blocks again on the http://facebook.com/home.php? but then they just change it to https and it works! Is there some way to block the whole range of IPs for facebook? I've tried with the Block List on the Content Filter but doesn't seem to be able to block https traffic.

Any suggestions?

[gyp_the_cat]

I'm not sure why this isn't working for you to be honest, we have

facebook.com

and it works fine.

You could always update your /etc/hosts to the following I guess if that still doesn't work:

127.0.0.1     www.facebook.com
127.0.0.1     facebook.com

[djtzar]

I guess I didn't explain myself correctly , facebook.com get's blocked fine , it's the secure https that's posing the problem.

[martec]

Hi,

after read your post i try... it's true! No block httpS traffic...(all traffic in https bypass the content filter ?!?!?)...

I add facebook.com in blacklist: if in adress browser i write http://facebook.com, or http://www.facebook.com the endian BLOCK that, but if write https://facebook.com ... the browser open the site...

This is a BIG problem!!! The workaround it's ok if nobody must have access on the site, but if someone need the access???

[npeterson]

it works fine for myself. What are your Allowed SSL ports? Are the clients in a bypass list?

[djtzar]

No clients are not in the bypass list , here are my allowed ports :

443 # https
563 # snews
3001 # ntop

Problem is I do need https access for certain sites. I've also added the whole IP block for facebook yet still https traffic get's passed.

[npeterson]

And you are placing just "facebook.com"  into the  Block the following sites on the content filtering page. Each entry on its own line with no comment (#) lines infront of the address?

[martec]

facebook.com it's in block list (tab proxy - content filer) without # at front...

The SSL port configure are (tab Proxy, Configuration, line "Allowed Ports and SSL Ports") :
443 # https
563 # snews
3001 # ntop

https://facebook.com it's NOT blocked...

[npeterson]

What version of endian do you run?
Have you made any manual changes to squid.conf?
Are you blocking port 443 on the firewall? And setting the clients to use proxy port 8080 for its SSL proxy?

[jpgillivan]

I tired this also and the https site let me in.  However, everytime I tried to do something it seemed that the web site kept reverting back to http: 

If I place a S in there and make it https: then the page loads, but I have to do it almost every page change.  It might be enought to be a pain in the arse and defer users from going to that site.

[jpgillivan]

Apparently this does not apply to just facebook but I tried http://www.plentyoffish.com and it was blocked by my blocked sites list in the content filter but again when using HTTPS it allows the site to load.  My guess is that this is becuase port 443 is allowed in PROXY > HTTP > CONFIGURATION > ALLOWED PORTS AND SSL PORTS the web page is bypassing the content filter. 

Question is now, how to block the https sites that are listed in the content filter but allow all others to pass?

[MAllam]

Hi,

Can I just say we are suffering from this too, whatever address we block can simply be overcome by typing in https://blockedomain.com instead ... really annoying!

[jpgillivan]

Ok. So,  were are experiencing problems with Endian so I put our old Netgear firewall back in play.  It has site blocking by keyword.  If I block facebook I cannot go to http://www.facebook.com but I can still go to https://www.facebook.com.  &%$*#^&* UGHHHHH.  So...... my deduction is that this is not and Endian specific issue but more of a HTTPS (port 443) issue.

[npeterson]

Hmm. I suspect that port 443 is open on your firewalls, thus bypassing your proxies. Endian ships with a rule to allow the green interface out by default. Make sure this is shut off(number 2 on mine). Firewall -> Outgoing traffic. there should not be a check mark in the box on the right. or change the rule to deny.

[jpgillivan]

 mpeterson,  that doesn't make sense.  port 443 is tied to the https protocol just like port 80 is tied to http. Using your methodology then if I wanted to block http://www.facebook.com then I should disable port 80.  Then all web sites would be blocked.  Your suggestion is unacceptable.  http://www.facebook.com is blocked using the content filter with port 80 enabled. There are many legit sites where one would have to use HTTPS (port 443), banking for example.  This question is how to force Endian to filter HTTPS (port 443) traffic content.