LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Block a domain using URL Filter (https://www.linuxquestions.org/questions/linux-networking-3/block-a-domain-using-url-filter-806413/)

k_oudom 05-06-2010 10:38 PM
Block a domain using URL Filter
 
Can you show me how to block a domain from local access through URL Filter? May be an example is a very good start.

http://www.urlfilter.net/images/scre...ll-3-proxy.png

http://www.urlfilter.net/images/scre...-urlfilter.png

paranoidx 05-08-2010 09:24 PM
If you are trying to block from a handful of LAN computers, you can use the /etc/hosts file, so say if you want to block www.somesite.com, you would add an entry like:

Quote:
/etc/hosts
127.0.0.1 www.somesite.com somesite.com
127.0.0.1 www.anothersite.com anothersite.com
note: does not support wildcard so you have to list all the possible domains

and copy/repeat for the remaining LAN computers.

as with your URL filter question, I can't see the screenshot with:
Quote:
Originally Posted by k_oudom
http://www.urlfilter.net/images/screenshots/tn-smoothwall-3-urlfilter.png
so can you repost that screenshot that is readable please.

win32sux 05-09-2010 02:23 AM
Using the /etc/hosts file for this still leaves the site accessible by its IP. Do you have a proxy server which your clients are forced to use? That's a quick and effective location to block specific domains.

k_oudom 05-09-2010 08:09 PM
Sorry, Here is the second screenshot.
http://www.urlfilter.net/images/scre...-urlfilter.png

win32sux 05-09-2010 10:39 PM
Quote:
Originally Posted by k_oudom (Post 3962686)
Sorry, Here is the second screenshot.
http://www.urlfilter.net/images/scre...-urlfilter.png
Oh, okay. So you already have a GUI-based tool for this and that's what you need help with. Well, after having a look at the screenshot, I'd say you just need to add the domain to the text box titled "Blocked domains (one per line)". Example:
Code:
microsoft.com
sco.com
adobe.com
Seems pretty straightforward to me.

k_oudom 05-09-2010 10:44 PM
But it didn't work. Should I use proxy in client broswer?

win32sux 05-10-2010 12:04 AM
Quote:
Originally Posted by k_oudom (Post 3962783)
But it didn't work. Should I use proxy in client broswer?
That would depend on how you've got things set up, which is something you haven't described to us.

Still, you could always try it and see.

k_oudom 05-10-2010 12:34 AM
It work without proxy setting in client web browser? Just check on Transparent. Thanks.

win32sux 05-10-2010 03:56 AM
Quote:
Originally Posted by k_oudom (Post 3962880)
It work without proxy setting in client web browser? Just check on Transparent. Thanks.
Transparent proxies only work for HTTP (not HTTPS). That is, unless your tool lets you do a MITM attack, of course. But if you only care about filtering HTTP access then you're set, regardless.

k_oudom 05-10-2010 04:11 AM
So I can only block http connection. Do you think this GUI can block https?

win32sux 05-10-2010 04:17 AM
Quote:
Originally Posted by k_oudom (Post 3963053)
So I can only block http connection. Do you think this GUI can block https?
I can't speak for this specific tool, as I'm not familiar with it. But generally speaking, if you really want to do HTTPS filtering with a proxy, then you'll need to disable SNAT and configure the clients to use the proxy for HTTPS (HTTP can still be handled transparently). This is the same as forcing them to use the proxy, except you're not doing it transparently. The other method, like I said before, would involve a MITM attack in order to transparently filter both HTTP and HTTPS.


All times are GMT -5. The time now is 08:53 PM.