Author Topic: Blocking https with alg or alternative method  (Read 11736 times)

rexix

  • Level 1 Member
  • *
  • Posts: 5
Blocking https with alg or alternative method
« on: November 24, 2011, 07:06:18 PM »

Hi,
I have a D-Link DFL-260 firewall.
All my ALG HTTP restrictions for the users are working. But the problem is when my users access, for example, facebook.com. By default, you type www.facebook.com in the explorer, so the explorer starts an HTTP connection and the firewall blocks it with the configured ALG.
But when my users manually type https://www.facebook.com, the firewall does not block it and shows this page in the explorer; the users circumvent the restriction this way.

What is happening?
What is the solution?

Thank you very much.

lingnau

  • Level 2 Member
  • **
  • Posts: 53
    • www.lingnau.com.br
Re: Blocking https with alg or alternative method
« Reply #1 on: November 25, 2011, 07:03:05 AM »

Technically, you can neither inspect nor block HTTPS traffic based on the URL.
What you can do is block traffic based on the host.


I would proceed the following way:

1. Ping the host in question (example: www.facebook.com = 69.171.242.12).
2. Look up in a whois tool whether this address range belongs to the company in question (http://lacnic.net/cgi-bin/lacnic/whois?lg=EN).
3. As found out, their IP range is: 69.171.224.0/19
4. Create an object on the DFL with the IP "69.171.224.0/19" and name it "IP-FacebookServers", for example.
5. Create a new deny drop rule (before the HTTPS and HTTP NAT rules).
6. Done


That's the best way I've found for doing this on the DFL series. If anyone has a better way, I'm open to hearing it.

rexix

  • Level 1 Member
  • *
  • Posts: 5
Re: Blocking https with alg or alternative method
« Reply #2 on: November 25, 2011, 03:17:32 PM »

Hi, thanks for your response...
OK, accepted solution.
The problem is that Facebook uses various IP ranges and this is changing constantly.
Same with other pages, for example Hotmail, Twitter, etc.
Thanks...

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Blocking https with alg or alternative method
« Reply #3 on: November 27, 2011, 11:58:51 AM »

You can change your point of view. Block HTTPS for everything and allow it only for the necessary IP ranges.
BR, Alexandr Danilov
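
A small model of the two approaches discussed in replies #1 to #3, added here as an example; it is not part of any post and is not DFL configuration syntax. It assumes ordered, first-match rule evaluation; every rule name except "IP-FacebookServers", the range 203.0.113.0/24 and the address 198.51.100.7 are constructed placeholders.

```python
import ipaddress

def rule(name, action, net, port=None):
    # port=None means "any destination port"
    return (name, action, ipaddress.ip_network(net), port)

# Reply #1: drop one known range, placed before the general HTTP/HTTPS rules.
DENYLIST_POLICY = [
    rule("drop_IP-FacebookServers", "drop", "69.171.224.0/19"),
    rule("allow_http", "allow", "0.0.0.0/0", 80),
    rule("allow_https", "allow", "0.0.0.0/0", 443),
]

# Reply #3: HTTPS allowed only to approved ranges, all other HTTPS dropped.
# 203.0.113.0/24 is a documentation range standing in for a "necessary" service.
ALLOWLIST_POLICY = [
    rule("allow_https_approved", "allow", "203.0.113.0/24", 443),
    rule("drop_https_all", "drop", "0.0.0.0/0", 443),
    rule("allow_http", "allow", "0.0.0.0/0", 80),
]

def evaluate(policy, dst_ip, dst_port):
    """Return (action, rule name) of the first matching rule; drop if none match."""
    addr = ipaddress.ip_address(dst_ip)
    for name, action, net, port in policy:
        if addr in net and port in (None, dst_port):
            return action, name
    return "drop", "implicit_default"

# Constructed test destinations:
#   69.171.242.12 - the address from reply #1, inside 69.171.224.0/19
#   198.51.100.7  - stands for a server of the same service outside the listed
#                   range (the situation described in reply #2)
#   203.0.113.10  - a host inside the approved range
SAMPLES = ["69.171.242.12", "198.51.100.7", "203.0.113.10"]

if __name__ == "__main__":
    for label, policy in (("denylist", DENYLIST_POLICY), ("allowlist", ALLOWLIST_POLICY)):
        for ip in SAMPLES:
            action, matched = evaluate(policy, ip, 443)
            print(f"{label:9} {ip:15} :443 -> {action:5} ({matched})")
```

With the denylist, the out-of-range address still reaches the general HTTPS allow rule; with the allowlist, it is dropped without the range ever having been enumerated.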

rosales85

  • Level 1 Member
  • *
  • Posts: 1
Re: Blocking https with alg or alternative method
« Reply #4 on: March 19, 2013, 02:56:06 PM »

Hello, I would like to know how to do what you indicate, because I do not understand where you have to do everything you say.  :'(

Greetings.

P.S. Sorry, my English is not very good.