Welcome, Guest. Please login or register.
Did you miss your activation email?
August 31, 2014, 02:18:54 AM

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
10932 Posts in 3664 Topics by 3285 Members
Latest Member: yrxibbll
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  https://facebook.com not blocked by proxy
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] 2 3 Go Down Print
Author Topic: https://facebook.com not blocked by proxy  (Read 147907 times)
djtzar
Jr. Member
*
Offline Offline

Posts: 4


« on: February 27, 2009, 10:39:02 PM »

I block facebook.com , but it seems there is a workaround where users change to https://facebook.com and then can access. It blocks again on the http://facebook.com/home.php? but then they just change it to https and it works! Is there some way to block the whole range of IPs for facebook? I've tried with the Block List on the Content Filter but doesn't seem to be able to block https traffic.

Any suggestions?
Logged
gyp_the_cat
Full Member
***
Offline Offline

Posts: 81



WWW
« Reply #1 on: February 28, 2009, 02:44:27 AM »

I'm not sure why this isn't working for you to be honest, we have
Quote from: /etc/dansguardian/blacklists/socialnetworking/domains
facebook.com
and it works fine.

You could always update your /etc/hosts to the following I guess if that still doesn't work:
Quote from: /etc/hosts
127.0.0.1     www.facebook.com
127.0.0.1     facebook.com
Logged
djtzar
Jr. Member
*
Offline Offline

Posts: 4


« Reply #2 on: March 03, 2009, 02:54:34 AM »

I guess I didn't explain myself correctly , facebook.com get's blocked fine , it's the secure https that's posing the problem.

Logged
martec
Full Member
***
Offline Offline

Posts: 34


« Reply #3 on: March 04, 2009, 01:48:08 AM »

Hi,

after read your post i try... it's true! No block httpS traffic...(all traffic in https bypass the content filter ?!?!?)...

I add facebook.com in blacklist: if in adress browser i write http://facebook.com, or http://www.facebook.com the endian BLOCK that, but if write https://facebook.com ... the browser open the site...

This is a BIG problem!!! The workaround it's ok if nobody must have access on the site, but if someone need the access???
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #4 on: March 25, 2009, 05:50:24 AM »

it works fine for myself. What are your Allowed SSL ports? Are the clients in a bypass list?
Logged
djtzar
Jr. Member
*
Offline Offline

Posts: 4


« Reply #5 on: March 27, 2009, 09:19:59 PM »

No clients are not in the bypass list , here are my allowed ports :

443 # https
563 # snews
3001 # ntop

Problem is I do need https access for certain sites. I've also added the whole IP block for facebook yet still https traffic get's passed.
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #6 on: March 28, 2009, 07:34:53 AM »

And you are placing just "facebook.com"  into the  Block the following sites on the content filtering page. Each entry on its own line with no comment (#) lines infront of the address?
Logged
martec
Full Member
***
Offline Offline

Posts: 34


« Reply #7 on: March 30, 2009, 08:56:36 PM »

facebook.com it's in block list (tab proxy - content filer) without # at front...

The SSL port configure are (tab Proxy, Configuration, line "Allowed Ports and SSL Ports") :
443 # https
563 # snews
3001 # ntop

https://facebook.com it's NOT blocked...

Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #8 on: March 31, 2009, 08:21:09 AM »

What version of endian do you run?
Have you made any manual changes to squid.conf?
Are you blocking port 443 on the firewall? And setting the clients to use proxy port 8080 for its SSL proxy?
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #9 on: April 29, 2009, 12:16:37 AM »

I tired this also and the https site let me in.  However, everytime I tried to do something it seemed that the web site kept reverting back to http: 

If I place a S in there and make it https: then the page loads, but I have to do it almost every page change.  It might be enought to be a pain in the arse and defer users from going to that site.
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #10 on: May 05, 2009, 04:30:47 AM »

Apparently this does not apply to just facebook but I tried http://www.plentyoffish.com and it was blocked by my blocked sites list in the content filter but again when using HTTPS it allows the site to load.  My guess is that this is becuase port 443 is allowed in PROXY > HTTP > CONFIGURATION > ALLOWED PORTS AND SSL PORTS the web page is bypassing the content filter. 

Question is now, how to block the https sites that are listed in the content filter but allow all others to pass?
Logged
MAllam
Full Member
***
Offline Offline

Posts: 15


« Reply #11 on: May 28, 2009, 02:24:16 AM »

Hi,

Can I just say we are suffering from this too, whatever address we block can simply be overcome by typing in https://blockedomain.com instead ... really annoying!
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #12 on: May 28, 2009, 03:27:25 AM »

Ok. So,  were are experiencing problems with Endian so I put our old Netgear firewall back in play.  It has site blocking by keyword.  If I block facebook I cannot go to http://www.facebook.com but I can still go to https://www.facebook.com.  &%$*#^&* UGHHHHH.  So...... my deduction is that this is not and Endian specific issue but more of a HTTPS (port 443) issue.
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #13 on: June 05, 2009, 02:52:35 AM »

Hmm. I suspect that port 443 is open on your firewalls, thus bypassing your proxies. Endian ships with a rule to allow the green interface out by default. Make sure this is shut off(number 2 on mine). Firewall -> Outgoing traffic. there should not be a check mark in the box on the right. or change the rule to deny.
Logged
jpgillivan
Full Member
***
Offline Offline

Posts: 31


« Reply #14 on: June 05, 2009, 04:26:46 AM »

 mpeterson,  that doesn't make sense.  port 443 is tied to the https protocol just like port 80 is tied to http. Using your methodology then if I wanted to block http://www.facebook.com then I should disable port 80.  Then all web sites would be blocked.  Your suggestion is unacceptable.  http://www.facebook.com is blocked using the content filter with port 80 enabled. There are many legit sites where one would have to use HTTPS (port 443), banking for example.  This question is how to force Endian to filter HTTPS (port 443) traffic content.
Logged
Pages: [1] 2 3 Go Up Print 
« previous next »
Jump to:  

Page created in 5.065 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com