LinuxQuestions.org (/questions/)
Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/) > How to Block HTTPS Traffic? (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-block-https-traffic-4175556351/)

kohshan99 10-16-2015 11:33 AM

How to Block HTTPS Traffic?
 
I'm using Squid 3.1 transparent; it's working fine. But I want to block HTTPS websites, not all of them, just ones like https://facebook.com etc.

frieza 10-16-2015 12:12 PM

HTTPS happens on port 443.

kohshan99 10-17-2015 01:06 AM

I know HTTPS uses port 443. I just want to know how I can block a few websites like https://youtube.com, https://facebook.com etc.

frieza 10-17-2015 01:36 AM

OK, sorry, misread. In that case the HTTPS is irrelevant; just set up an ACL to block by domain: http://www.cyberciti.biz/faq/squid-p...sing-internet/

kohshan99 10-17-2015 11:21 AM

My Squid is working fine. I can block websites. I just want to block https://facebook.com. If I open http://facebook.com I get a message that access is denied, meaning I can block HTTP sites but not HTTPS sites.

frieza 10-17-2015 11:27 AM

Quote:

Originally Posted by kohshan99 (Post 5435999)
My Squid is working fine. I can block websites. I just want to block https://facebook.com. If I open http://facebook.com I get a message that access is denied, meaning I can block HTTP sites but not HTTPS sites.

Facebook is HTTPS only. You can browse to http://www.facebook.com until you're blue in the face; it automatically redirects you to https://www.facebook.com. You can't use Facebook without HTTPS. The same goes for sites like Google, where any non-HTTPS requests are simply redirected to HTTPS requests. This is by design of the sites in question, not your Squid; therefore blocking HTTPS access to Facebook, for instance, blocks Facebook.

Don't believe me? Click on the HTTP link for Facebook; you'll find yourself on https://www.facebook.com.

kohshan99 10-19-2015 12:42 AM

OK, I agree with you. But now my question is: how can I block some HTTPS websites?

kohshan99 10-19-2015 02:54 AM

Right now I have finally blocked https://facebook.com by using iptables, but I can still access it on the client side; it only blocks Facebook HTTPS traffic on my server. My iptables is:

Quote:

root@Proxy:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere edge-star-shv-01-sea1.facebook.com tcp dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere edge-star-shv-01-sjc2.facebook.com tcp dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere edge-star-shv-01-ams3.facebook.com tcp dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere edge-secure-shv-01-ams3.facebook.com tcp dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere instagram-shv-12-prn1.fbcdn.net tcp dpt:https reject-with icmp-port-unreachable

Chain FACEBOOK (0 references)
target prot opt source destination
Code:

#!/bin/sh
iptables=/usr/sbin/iptables
$iptables -F
$iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$iptables -A FORWARD -i eth0 -j ACCEPT
# OUTPUT rules only match packets the proxy host itself sends,
# not client traffic passing through the FORWARD chain
$iptables -A OUTPUT -p tcp -d 31.13.76.102 --dport 443 -j REJECT
$iptables -A OUTPUT -p tcp -d 31.13.77.6 --dport 443 -j REJECT
$iptables -A OUTPUT -p tcp -d 31.13.91.2 --dport 443 -j REJECT
$iptables -A OUTPUT -p tcp -d 31.13.91.17 --dport 443 -j REJECT
$iptables -A OUTPUT -p tcp -d 69.171.237.16 --dport 443 -j REJECT
# enable IPv4 forwarding between eth0 and eth1
echo 1 > /proc/sys/net/ipv4/ip_forward


kohshan99 10-24-2015 02:06 AM

Facebook
 
An option is to blackhole routes to network blocks (the ones listed are for FB):


Quote:

ip route add blackhole 69.171.224.0/19
ip route add blackhole 74.119.76.0/22
ip route add blackhole 204.15.20.0/22
ip route add blackhole 66.220.144.0/20
ip route add blackhole 69.63.176.0/20
ip route add blackhole 173.252.64.0/18
Now Facebook is blocked.
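Since a transparent Squid 3.1 cannot see the hostname inside an HTTPS connection, the thread ends up blocking by address. The script below is an added example, not code from any poster: it validates the prefixes quoted above and prints the gateway-side rules, assuming clients enter on eth0 and are routed through the FORWARD chain (which is why the OUTPUT rules earlier in the thread left clients unblocked).

```shell
#!/bin/sh
# Added example (not from the thread): emit the gateway-side block for a set of
# network blocks so that clients behind a Linux NAT gateway / transparent Squid
# box are cut off too. Assumptions: clients arrive on eth0 and their packets
# traverse FORWARD; the prefixes are the Facebook blocks quoted in the thread.
BLOCKED_NETS="69.171.224.0/19 74.119.76.0/22 204.15.20.0/22 66.220.144.0/20 69.63.176.0/20 173.252.64.0/18"
LAN_IF=eth0

# Accept only well-formed IPv4 prefixes (a.b.c.d/n, octets 0-255, n 0-32)
# before anything is handed to ip or iptables.
valid_cidr() {
    addr=${1%/*}; plen=${1#*/}
    [ "$addr" != "$1" ] || return 1                     # missing "/n"
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    IFS=.; set -- $addr; unset IFS                      # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands rather than run them, so the rule set can be reviewed.
# A blackhole route drops every protocol to the prefix for all packets the box
# routes, clients included. The FORWARD rule is the narrower HTTPS-only form;
# rules placed in OUTPUT (as in the thread) only affect the proxy's own traffic.
block_cmds() {
    for net in $BLOCKED_NETS; do
        if ! valid_cidr "$net"; then
            echo "skipping malformed prefix: $net" >&2
            continue
        fi
        echo "ip route add blackhole $net"
        echo "iptables -A FORWARD -i $LAN_IF -p tcp -d $net --dport 443 -j REJECT"
    done
}

case "${1:-print}" in
    print) block_cmds ;;
    apply) block_cmds | sh -e ;;   # run as root on the gateway
    *) echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

Addresses for CDN-hosted sites change often, so the prefix list has to be refreshed or the block silently decays.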

