Tech31: How to Block HTTPS(443) Social Networking Sites on your Private/Business Network

Monday, April 4, 2011

How to Block HTTPS(443) Social Networking Sites on your Private/Business Network

There are so many questions on how to block https www.facebook.com in the internet, yet there is no easy answer for it. Facebook and other social networking are need to be block in school and other other establishment because it affects the productivity of students and employees.

In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https www.facebook.com in firewall rules.

How to Block https www.facebook.com

To do this of course we need to a pfsense firewall in the our network. We need to download the installer from this link. You need also to install the squid proxy server to block some of the restricted websites. Here is how to install and configure Squid as a transparent proxy on pfSense.

Assuming that you already have pfSense setup. The next thing that we’re going to make is an alias. Select ‘Aliases’ from the firewall menu. Hit the ‘+’ icon to make a new one. You’ll see a screen that looks like this:

Provide the name of the alias, add the host, set the type of an alias as a network ,you can also add a description, and most importantly, you’ll need to specify it by IP address then select the CIDR (network mask) that pertains to each entry.

Create another alias for the port. Use port 443 for https and port 80 for http websites.

We’ve created the needed aliases, so now we need to tell pfSense to do something about it. So, from the Firewall menu again, add a Rule. We need the rule to go on our LAN tab.

Set the above rules based on these criteria:

Reject the the traffic from the LAN
TCP connections
source is any
any/none OS
Destination - select host or alias and put in the name of your alias.
Set the Destination ports as other and select https
No need for any of the advanced options
leave the schedule as none
leave the gateway default
and give it a descriptive name for future reference.
Now, Save and Apply. You’re done.

This is the easy way to block HTTPS websites including facebook.com in pfsense server.

Credits to: -- Originally from Tech Tak Talk by Ramel dela Cruz. His new blog link here.

15 comments:

Anonymous said...: You are my saviour, this method works and it's easy, thank you very much...

br

Carlo; Tuesday, July 12, 2011 at 9:21:00 PM GMT+8
dwaine Onyx said...: Sir, for me to block the https://www.facebook.com may I ask on how to get the IP address of it? CIDR is also my proble I really dont know the CIDR of facebook. Also under firewall:Rules:Edit when I tried to put the www.facebook.com or facebook.com but it prompts me an error. Sir Please help me to resolve the issue.

Edwin Onia
email: edwinonia_infotech@yahoo.com.ph; Thursday, September 29, 2011 at 4:24:00 PM GMT+8
Anonymous said...: @edwin

if you have pfsense or untangle, you may try;

-blocking the TCP/UDP
-Dest.Addr.: 69.63.181.12,69.63.189.11, 69.63.189.16
-Dest.port: 443; Thursday, September 29, 2011 at 4:45:00 PM GMT+8
dwaine Onyx said...: Thanks for the immediate reply but still they can access the https. Any other solution???; Monday, October 3, 2011 at 9:33:00 AM GMT+8
Tech31 said...: how bout try OpenDNS, from there you can block social networks. yopu may refer to opendns.com how to use it.; Monday, October 3, 2011 at 10:41:00 AM GMT+8
dwaine Onyx said...: I want to use my Pfsense 2.0 as https blocker. Hope that you can give me sir a solution to do that. Thank you so much in advance!!!!!; Monday, October 3, 2011 at 4:47:00 PM GMT+8
Tech31 said...: @dwaine

i havent yet upgraded to ver.2.0, im still using the ver.1.2.3 and is all stable. actually, this one works for me and the other one which i use is my OpenDNS account. just for now...; Monday, October 3, 2011 at 5:10:00 PM GMT+8
dwaine Onyx said...: Sir can you give me the instruction on how to do that? Thank you so much in advance!; Wednesday, October 5, 2011 at 8:51:00 AM GMT+8
WildwestGoh said...: Setup the method exactly like the guides but still unable to block https://www.facebook.com.
Using pfSense 2.0-RELEASE (i386)
built on Tue Sep 13; Wednesday, December 14, 2011 at 1:14:00 PM GMT+8
Tech31 said...: im now using pfSense 2.0 + OpenDNS.

within my OpenDNS account i can block the whole category for social net sites. much more effective.; Wednesday, December 14, 2011 at 1:51:00 PM GMT+8
Ramel de la Cruz said...: This is not your article. This is taken from my blog.

http://www.tekkianswer.com/2011/08/how-to-block-https-wwwfacebookcom.html; Friday, May 4, 2012 at 9:58:00 PM GMT+8
Ramel de la Cruz said...: This comment has been removed by the author.; Friday, May 4, 2012 at 10:08:00 PM GMT+8
Ramel de la Cruz said...: Please give at least a link back to my blog. Tech-tak-talk is my old blog.; Friday, May 4, 2012 at 10:09:00 PM GMT+8
Tech31 said...: @ Ramel

Yes I did at the bottom of my post. I gave credits to tech tak talk.

No, problem I'll just re-edit for your credit if you change your old blog.

Thanks for letting me know. I appreciate your article and posting it on mine as reference.

Best to you my friend!; Friday, May 4, 2012 at 10:20:00 PM GMT+8
Ramel de la Cruz said...: @cyb3rcon

Thanks pre.

More power to your blog!; Saturday, May 5, 2012 at 6:09:00 AM GMT+8

Monday, April 4, 2011

How to Block HTTPS(443) Social Networking Sites on your Private/Business Network

15 comments:

BJ300 27MHz Linear Amplifier AM-150Watts; SSB-300Watts