LinuxQuestions.org
Old 01-01-2012, 01:02 AM   #1
tanin007
LQ Newbie
 
Registered: Dec 2011
Posts: 10

Rep: Reputation: Disabled
Trying to block https://facebook.com but not able to do this yet


Hi, I added these lines to my squid.conf file:
Code:
http_port 3128 transparent
http_port 80 defaultsite=192.168.20.1
acl port80 port 80
acl BLACKLIST_DOMAINS dstdom_regex -i "/etc/squid/blacklist_domains"
http_access deny BLACKLIST_DOMAINS
http_access allow port80
visible_hostname host.domain.com
acl localhost src 127.0.0.1/8
acl lan src 192.168.10.26 192.168.20.1/24
http_access allow localhost
http_access allow lan
In the blacklist_domains file I added this:
Code:
.facebook.com
But I am still not able to block https://www.facebook.com. Can anyone help me?
 
Old 01-01-2012, 02:38 AM   #2
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
The first step would be to have Squid proxy HTTPS traffic.

From the configuration it looks like Squid is only proxying for HTTP traffic.
 
Old 01-01-2012, 02:41 AM   #3
tanin007
LQ Newbie
 
Registered: Dec 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thanks for your reply. Can you please tell me how I can configure squid so that it blocks both https and http traffic for facebook? I added this:

Quote:
http_port 3128 transparent
http_port 80 defaultsite=192.168.20.1
acl port80 port 443
acl BLACKLIST_DOMAINS dstdom_regex -i "/etc/squid/blacklist_domains"
http_access deny BLACKLIST_DOMAINS
acl port80 port 80
acl BLACKLIST_DOMAINS dstdom_regex -i "/etc/squid/blacklist_domains"
http_access deny BLACKLIST_DOMAINS
#ssl_bump allow all
#acl bad_sites dstdomain .facebook.com
#http_access CONNECT deny bad_sites
http_access allow port80
visible_hostname host.domain.com
acl localhost src 127.0.0.1/8
acl lan src 192.168.10.26 192.168.20.1/24
http_access allow localhost
http_access allow lan
But it is still not working for https://www.facebook.com

Last edited by tanin007; 01-01-2012 at 02:54 AM.
 
Old 01-01-2012, 02:58 AM   #4
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
I will give you these tips:

1) You can't proxy SSL traffic transparently as you currently do with HTTP.
2) You may need to terminate the SSL connection to the remote server at Squid, and have an entirely different SSL connection from the browser to Squid for the filter to work. This I'm unsure about.

Resources:

http://wiki.squid-cache.org/Features/HTTPS
http://wiki.squid-cache.org/Features/SslBump
https://calomel.org/squid.html

This should get you started. If you get stuck post back. If you're lucky someone with more commitment may implement a configuration for you.
 
Old 01-01-2012, 02:59 AM   #5
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,761

Rep: Reputation: 576
You could just add
Code:
127.0.0.1 www.facebook.com
to your hosts file after all the other entries.
 
Old 01-01-2012, 03:03 AM   #6
tanin007
LQ Newbie
 
Registered: Dec 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
I tried in many ways and posted many times. But some person told me that it is impossible to block https://www.facebook.com. So I need help with how I can actually do this, and where in my configuration I need to make changes so that it blocks https://www.facebook.com

And 127.0.0.1 www.facebook.com is not applicable here because I have a proxy server and 20-30 people are connected to it. "127.0.0.1 www.facebook.com" only blocks on the host PC. Anyway, thanks for your reply. But it does not work anymore

Last edited by tanin007; 01-01-2012 at 03:06 AM.
 
Old 01-01-2012, 03:09 AM   #7
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
Quote:
Originally Posted by k3lt01
You could just add
Code:
127.0.0.1 www.facebook.com
to your hosts file after all the other entries.
That would need to be added to all the client machines on the network, as the OP isn't currently using Squid for HTTPS.
 
Old 01-01-2012, 03:26 AM   #8
tanin007
LQ Newbie
 
Registered: Dec 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
It is not possible because no one gives you access to their PC. And even if they did, after some period of time when I am not there they easily delete the entry and get full access. Please, if you do not know the proper solution, please do not post something that looks very funny.
 
Old 01-01-2012, 03:34 AM   #9
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,761

Rep: Reputation: 576
Quote:
Originally Posted by tanin007
I tried in many ways and posted many times. But some person told me that it is impossible to block https://www.facebook.com. So I need help with how I can actually do this, and where in my configuration I need to make changes so that it blocks https://www.facebook.com
Facebook can be blocked; I have done it many times, but not using squid.

Quote:
Originally Posted by tanin007
And 127.0.0.1 www.facebook.com is not applicable here because I have a proxy server and 20-30 people are connected to it. "127.0.0.1 www.facebook.com" only blocks on the host PC. Anyway, thanks for your reply. But it does not work anymore
Quote:
Originally Posted by phil.d.g
That would need to be added to all the client machines on the network, as the OP isn't currently using Squid for HTTPS.
Yeah sorry about that. I thought the OP may be just learning squid on his own PC and while my answer wasn't much help it would work if my assumption was correct. However without knowing his network setup it is difficult, for me, to give any advice so I will watch and learn.
 
Old 01-01-2012, 03:55 AM   #10
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
Quote:
Originally Posted by k3lt01
Yeah sorry about that. I thought the OP may be just learning squid on his own PC and while my answer wasn't much help it would work if my assumption was correct. However without knowing his network setup it is difficult, for me, to give any advice so I will watch and learn.
No need to apologise. I made the assumption there was a number of client computers and a proxy server, I guess I was lucky.

tanin007, I have linked to several resources including a tutorial to get you started. I'm not going to regurgitate that information. It would be a waste of my time, and some specifics may get left out.

Reading http://www.comfsm.fm/computing/squid/FAQ-1.html#ss1.12 and http://www.ietf.org/rfc/rfc2817.txt I would make the assumption that it isn't necessary to terminate the SSL connection at Squid in order to implement blocking Facebook. Following the previously linked to tutorial should be sufficient.
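
Added example, not part of the thread and not any poster's configuration: a squid.conf for the approach described in the post above, assuming browsers are explicitly configured to use Squid on port 3128, so that HTTPS reaches Squid as a CONNECT request and can be denied by hostname without terminating SSL. The ACL names (`lan`, `SSL_ports`, `Safe_ports`, `connect_method`, `blocked_sites`) are chosen for this example; the LAN addresses, hostname and blacklist path come from the first post.

```squidconf
# Added example. Assumption: every client browser has this proxy set
# explicitly (manual setting, PAC or WPAD). Interception of port 80
# alone never shows Squid the HTTPS requests.

# Forward-proxy port, without the "transparent" flag.
http_port 3128
visible_hostname host.domain.com

# Clients allowed to use the proxy (addresses from the first post,
# with the /24 written as a network address).
acl lan src 192.168.10.26 192.168.20.0/24

# Ports clients may reach, and the only port CONNECT may tunnel to.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl connect_method method CONNECT

# dstdomain compares the destination host name. For plain HTTP that is
# the host in the URL; for HTTPS it is the host in the request line
# "CONNECT www.facebook.com:443". The file keeps the single entry
# ".facebook.com"; the leading dot also covers every subdomain.
acl blocked_sites dstdomain "/etc/squid/blacklist_domains"

# Rules are evaluated top to bottom and the first match wins, so the
# deny rules must come before any allow rule.
http_access deny blocked_sites
http_access deny !Safe_ports
http_access deny connect_method !SSL_ports
http_access allow lan
http_access deny all
```

Check the file with `squid -k parse` before reloading. Clients that can still reach port 443 directly through the gateway never talk to the proxy, so outbound 443 from the LAN has to be dropped at the gateway for the block to hold.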
 
Old 01-13-2012, 08:09 AM   #11
swappie
LQ Newbie
 
Registered: Jan 2012
Posts: 4

Rep: Reputation: Disabled
Ban Facebook SSL (iptables)

Hi! I had the same problem recently, which made me start working on a project named BAN FACEBOOK SSL. I've created a page which generates a bash script. It grabs the classes of Facebook.com and creates the iptables OUTPUT rules on the fly for you. Once you run it on the gateway (if that's Linux based) it should work. I know that it can be done with FORWARD or PREROUTING and stuff, but you have to specify the interfaces and so on. So, this was the simplest way to do it. I will soon publish a bash script which grabs the classes of Facebook.com and applies the iptables rules straight away, creates a back-up of the initial firewall and so on. Use it with care: www.bfssl.tk (this is my project and don't forget to read the disclaimer).

If there's anyone having ideas or wants to contribute, please contact me.

Cheers,
Alex
 
1 members found this post helpful.