Hi,
I can block https access on firewall. Try it:
IPTABLES=`which iptables`
$IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook
or
$IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp --dport 443 -j DROP #
facebook
$IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp --dport 443 -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp --dport 443 -j DROP #
facebook
$IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp --dport 443 -j DROP #
facebook
$IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp --dport 443 -j DROP # facebook
The rules above will block all traffic for the defined networks.
Squid does not filter https traffic directly like the http. I think that
you are using transparent proxy in your LAN.
Naira Kaieski
Linux Professional Institute - LPI 101
Em 27/2/2012 12:28, Muhammad Yousuf Khan escreveu:
> acl testdomain dstdomain .facebook.com
> http_access deny testdomain
>
> above is my acl how ever http works fine it blocked now when i go to
> https facebook it just allow it.
> how can i stop this. kindly help
>
> Thank you.
>
> MYK
Received on Mon Feb 27 2012 - 15:46:04 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 28 2012 - 12:00:10 MST