There are so many questions on how to block https www.facebook.com in the internet, yet there is no easy answer for it. Facebook and other social networking are need to be block in school and other other establishment because it affects the productivity of students and employees.
In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https www.facebook.com in firewall rules.
In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https www.facebook.com in firewall rules.
How to Block https www.facebook.com
To do this of course we need to a pfsense firewall in the our network. We need to download the installer from this link. You need also to install the squid proxy server to block some of the restricted websites. Here is how to install and configure Squid as a transparent proxy on pfSense.
Assuming that you already have pfSense setup. The next thing that we’re going to make is an alias. Select ‘Aliases’ from the firewall menu. Hit the ‘+’ icon to make a new one. You’ll see a screen that looks like this:
Provide the name of the alias, add the host, set the type of an alias as a network ,you can also add a description, and most importantly, you’ll need to specify it by IP address then select the CIDR (network mask) that pertains to each entry.
Create another alias for the port. Use port 443 for https and port 80 for http websites.
We’ve created the needed aliases, so now we need to tell pfSense to do something about it. So, from the Firewall menu again, add a Rule. We need the rule to go on our LAN tab.
Set the above rules based on these criteria:
We’ve created the needed aliases, so now we need to tell pfSense to do something about it. So, from the Firewall menu again, add a Rule. We need the rule to go on our LAN tab.
Set the above rules based on these criteria:
- Reject the the traffic from the LAN
- TCP connections
- source is any
- any/none OS
- Destination - select host or alias and put in the name of your alias.
- Set the Destination ports as other and select https
- No need for any of the advanced options
- leave the schedule as none
- leave the gateway default
- and give it a descriptive name for future reference.
- Now, Save and Apply. You’re done.
Credits to: -- Originally from Tech Tak Talk by Ramel dela Cruz. His new blog link here.