LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-06-2010, 11:38 PM   #1
k_oudom
Member
 
Registered: Aug 2009
Posts: 280

Rep: Reputation: 30
Block a domain using URL Filter


Can you show me how to block a domain from local access through URL Filter? May be an example is a very good start.

http://www.urlfilter.net/images/scre...ll-3-proxy.png

http://www.urlfilter.net/images/scre...-urlfilter.png
 
Old 05-08-2010, 10:24 PM   #2
paranoidx
LQ Newbie
 
Registered: Jul 2006
Posts: 24

Rep: Reputation: 2
If you are trying to block from a handful of LAN computers, you can use the /etc/hosts file, so say if you want to block www.somesite.com, you would add an entry like:

Quote:
/etc/hosts
127.0.0.1 www.somesite.com somesite.com
127.0.0.1 www.anothersite.com anothersite.com
note: does not support wildcard so you have to list all the possible domains

and copy/repeat for the remaining LAN computers.

as with your URL filter question, I can't see the screenshot with:
Quote:
Originally Posted by k_oudom
http://www.urlfilter.net/images/screenshots/tn-smoothwall-3-urlfilter.png
so can you repost that screenshot that is readable please.
 
Old 05-09-2010, 03:23 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Using the /etc/hosts file for this still leaves the site accessible by its IP. Do you have a proxy server which your clients are forced to use? That's a quick and effective location to block specific domains.
 
Old 05-09-2010, 09:09 PM   #4
k_oudom
Member
 
Registered: Aug 2009
Posts: 280

Original Poster
Rep: Reputation: 30
Sorry, Here is the second screenshot.
http://www.urlfilter.net/images/scre...-urlfilter.png
 
Old 05-09-2010, 11:39 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by k_oudom View Post
Sorry, Here is the second screenshot.
http://www.urlfilter.net/images/scre...-urlfilter.png
Oh, okay. So you already have a GUI-based tool for this and that's what you need help with. Well, after having a look at the screenshot, I'd say you just need to add the domain to the text box titled "Blocked domains (one per line)". Example:
Code:
microsoft.com
sco.com
adobe.com
Seems pretty straightforward to me.
 
Old 05-09-2010, 11:44 PM   #6
k_oudom
Member
 
Registered: Aug 2009
Posts: 280

Original Poster
Rep: Reputation: 30
But it didn't work. Should I use proxy in client broswer?
 
Old 05-10-2010, 01:04 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by k_oudom View Post
But it didn't work. Should I use proxy in client broswer?
That would depend on how you've got things set up, which is something you haven't described to us.

Still, you could always try it and see.
 
Old 05-10-2010, 01:34 AM   #8
k_oudom
Member
 
Registered: Aug 2009
Posts: 280

Original Poster
Rep: Reputation: 30
It work without proxy setting in client web browser? Just check on Transparent. Thanks.
 
Old 05-10-2010, 04:56 AM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by k_oudom View Post
It work without proxy setting in client web browser? Just check on Transparent. Thanks.
Transparent proxies only work for HTTP (not HTTPS). That is, unless your tool lets you do a MITM attack, of course. But if you only care about filtering HTTP access then you're set, regardless.
 
Old 05-10-2010, 05:11 AM   #10
k_oudom
Member
 
Registered: Aug 2009
Posts: 280

Original Poster
Rep: Reputation: 30
So I can only block http connection. Do you think this GUI can block https?
 
Old 05-10-2010, 05:17 AM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by k_oudom View Post
So I can only block http connection. Do you think this GUI can block https?
I can't speak for this specific tool, as I'm not familiar with it. But generally speaking, if you really want to do HTTPS filtering with a proxy, then you'll need to disable SNAT and configure the clients to use the proxy for HTTPS (HTTP can still be handled transparently). This is the same as forcing them to use the proxy, except you're not doing it transparently. The other method, like I said before, would involve a MITM attack in order to transparently filter both HTTP and HTTPS.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IpCOP Url Filter (squid guard) gurl4sh25 Linux - Distributions 1 10-21-2010 05:00 AM
i want to block a URL from squid Atifkhan Linux - Enterprise 3 02-23-2010 02:47 PM
how to block url`s with iptables stirring Linux - Networking 4 02-22-2010 05:00 PM
Need layer 7 filter rule to block .teamviewer tranceash Linux - Security 2 07-27-2009 03:30 PM
IPtables - block subdomains (a.domain.com, b.domain.com, c.domain.com,...) benjalien Linux - Networking 6 06-24-2009 08:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration