Re: [squid-users] https facebook dstdomain acl doesn't work

From: Naira Kaieski <naira_at_faccat.br>
Date: Mon, 27 Feb 2012 12:45:55 -0300

Hi,

I can block https access on the firewall. Try it:

IPTABLES=`which iptables`

$IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook

or

$IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp --dport 443 -j DROP # facebook
$IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp --dport 443 -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp --dport 443 -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp --dport 443 -j DROP # facebook
$IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp --dport 443 -j DROP # facebook

The rules above will block all traffic for the defined networks.
Squid does not filter https traffic directly like it does http. I think that
you are using a transparent proxy in your LAN.

Naira Kaieski
Linux Professional Institute - LPI 101

On 27/2/2012 12:28, Muhammad Yousuf Khan wrote:
> acl testdomain dstdomain .facebook.com
> http_access deny testdomain
>
> Above is my ACL. However, http works fine, it is blocked now; when I go to
> https Facebook it just allows it.
> How can I stop this? Kindly help.
>
> Thank you.
>
> MYK
Received on Mon Feb 27 2012 - 15:46:04 MST
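
Added example, not part of the original message: a sketch that prints (rather than runs) the rules from the reply above inside a dedicated chain, so re-running it replaces the rules instead of appending duplicates to FORWARD. The chain name FB_BLOCK and the function names are assumptions; the networks are the ones listed in the message.

```sh
#!/bin/sh
# Added example. CHAIN and the function names are assumptions; NETS is the post's list.
NETS="66.220.149.0/24 69.63.190.0/24 69.171.224.0/24 69.171.229.0/24 72.246.62.0/24"
CHAIN="FB_BLOCK"

# Succeed only for a well-formed IPv4 CIDR: four octets <= 255 and a prefix <= 32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the commands that rebuild the chain; nothing is executed here.
# $1 = TCP destination port to block, or "all" for every TCP port (the post's two variants).
emit_rules() {
    port=${1:-443}
    case "$port" in
        all) match="-p tcp" ;;
        *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
           match="-p tcp --dport $port" ;;
    esac
    # Validate every network first so a bad entry never yields a partial rule set.
    for net in $NETS; do
        valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    # Create the chain, or flush it if it already exists.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for net in $NETS; do
        echo "iptables -A $CHAIN -d $net $match -j DROP"
    done
    # Hook the chain into FORWARD only once. -I places the jump ahead of any
    # existing ACCEPT rule (the post appends with -A instead).
    echo "iptables -C FORWARD -j $CHAIN 2>/dev/null || iptables -I FORWARD -j $CHAIN"
}

emit_rules "${1:-443}"
```

Review the printed commands, then run them as root, for example by piping the output to `sh`.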
