Monday, April 4, 2011

How to Block HTTPS(443) Social Networking Sites on your Private/Business Network

There are many questions on the internet about how to block https www.facebook.com, yet there is no easy answer. Facebook and other social networking sites need to be blocked in schools and other establishments because they affect the productivity of students and employees.

In my case, I have been blocking facebook.com on a pfSense server through Squid. Although it is working perfectly, some users have found a way out by accessing the same URL with https in place of http. To solve the problem I need to block https www.facebook.com in the firewall rules.

How to Block https www.facebook.com

To do this, of course, we need a pfSense firewall in our network. Download the installer from this link. You also need to install the Squid proxy server to block some of the restricted websites. Here is how to install and configure Squid as a transparent proxy on pfSense.

Assuming that you already have pfSense set up, the next thing we're going to make is an alias. Select 'Aliases' from the Firewall menu. Hit the '+' icon to make a new one. You'll see a screen that looks like this:

Provide the name of the alias, add the host, and set the type of the alias to network. You can also add a description. Most importantly, specify each entry by IP address, then select the CIDR (network mask) that pertains to that entry.

Create another alias for the port. Use port 443 for https and port 80 for http websites.

We've created the needed aliases, so now we need to tell pfSense to do something with them. From the Firewall menu again, add a Rule. The rule needs to go on the LAN tab.
Set the rule based on these criteria:
  • Reject the traffic from the LAN
  • TCP connections
  • source is any
  • any/none OS
  • Destination - select host or alias and put in the name of your alias.
  • Set the Destination ports as other and select https
  • No need for any of the advanced options
  • leave the schedule as none
  • leave the gateway default
  • and give it a descriptive name for future reference. 
  • Now, Save and Apply. You’re done.
This is the easy way to block HTTPS websites, including facebook.com, on a pfSense server.
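The alias and reject rule described above can be modelled offline to check which destinations the rule actually matches. This is an added example, not part of the original post or of pfSense; the function names are hypothetical and the addresses are constructed from the RFC 5737 documentation ranges.

```python
import ipaddress

# Constructed alias entries in the (IP address, CIDR) form the alias screen asks
# for. RFC 5737 documentation ranges, not real site addresses.
ALIAS_ENTRIES = [("192.0.2.10", 32), ("192.0.2.11", 32),
                 ("198.51.100.0", 24), ("198.51.100.77", 25)]

def build_alias(entries):
    """Normalise each entry to its network and merge overlapping or adjacent ones."""
    nets = [ipaddress.ip_network(f"{ip}/{cidr}", strict=False) for ip, cidr in entries]
    return list(ipaddress.collapse_addresses(nets))

def rule_rejects(alias, proto, dst_ip, dst_port, ports=(443,)):
    """Model of the LAN rule: reject TCP from any source to alias networks on `ports`."""
    if proto != "tcp" or dst_port not in ports:
        return False
    dst = ipaddress.ip_address(dst_ip)
    return any(dst in net for net in alias)

def uncovered(alias, resolved):
    """Addresses (e.g. from a fresh DNS lookup) that no alias entry covers."""
    return [a for a in resolved
            if not any(ipaddress.ip_address(a) in net for net in alias)]

if __name__ == "__main__":
    alias = build_alias(ALIAS_ENTRIES)
    print("alias networks:", [str(n) for n in alias])
    # Constructed flows: (protocol, destination IP, destination port)
    for flow in [("tcp", "198.51.100.200", 443), ("tcp", "192.0.2.12", 443),
                 ("tcp", "198.51.100.200", 80), ("udp", "192.0.2.10", 443)]:
        print(flow, "-> reject" if rule_rejects(alias, *flow) else "-> not matched")
    print("not covered:", uncovered(alias, ["192.0.2.10", "192.0.2.12", "203.0.113.5"]))
```

Any address reported by `uncovered` is one the rule does not match, so an IP-based alias has to be rechecked whenever the site's addresses change.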

Credits: Originally from Tech Tak Talk by Ramel dela Cruz. His new blog link here.

15 comments:

Anonymous said...

You are my saviour, this method works and it's easy, thank you very much...

br

Carlo

dwaine Onyx said...

Sir, for me to block https://www.facebook.com, may I ask how to get its IP address? CIDR is also my problem; I really don't know the CIDR of Facebook. Also, under Firewall: Rules: Edit, when I tried to put in www.facebook.com or facebook.com, it prompts me with an error. Sir, please help me to resolve the issue.


Edwin Onia
email: edwinonia_infotech@yahoo.com.ph

Anonymous said...

@edwin

If you have pfSense or Untangle, you may try:

-blocking the TCP/UDP
-Dest.Addr.: 69.63.181.12,69.63.189.11, 69.63.189.16
-Dest.port: 443

dwaine Onyx said...

Thanks for the immediate reply but still they can access the https. Any other solution???

Tech31 said...

How about trying OpenDNS? From there you can block social networks. You may refer to opendns.com for how to use it.

dwaine Onyx said...

I want to use my pfSense 2.0 as an https blocker. I hope that you can give me a solution to do that, sir. Thank you so much in advance!

Tech31 said...

@dwaine

I haven't yet upgraded to ver. 2.0; I'm still using ver. 1.2.3 and it is all stable. Actually, this one works for me, and the other one which I use is my OpenDNS account. Just for now...

dwaine Onyx said...

Sir, can you give me the instructions on how to do that? Thank you so much in advance!

WildwestGoh said...

Set up the method exactly like the guide but still unable to block https://www.facebook.com.
Using pfSense 2.0-RELEASE (i386), built on Tue Sep 13

Tech31 said...

I'm now using pfSense 2.0 + OpenDNS.

Within my OpenDNS account I can block the whole category for social net sites. Much more effective.

Ramel de la Cruz said...

This is not your article. This is taken from my blog.

http://www.tekkianswer.com/2011/08/how-to-block-https-wwwfacebookcom.html

Ramel de la Cruz said...

Please give at least a link back to my blog. Tech-tak-talk is my old blog.

Tech31 said...

@ Ramel

Yes, I did, at the bottom of my post. I gave credits to Tech Tak Talk.

No problem, I'll just re-edit for your credit if you change your old blog.

Thanks for letting me know. I appreciate your article and posting it on mine as reference.

Best to you my friend!

Ramel de la Cruz said...

@cyb3rcon

Thanks pre.

More power to your blog!