Got something to share with you all... A day before, I got a request to block a particular site using HTTPS. I tried using Squid but had no luck... On reading through different topics I realized HTTPS does not go through Squid; it simply bypasses Squid, so trying to block HTTPS with Squid was worthless.
Then, moving on, I tried blocking with iptables using the pattern below:
iptables -I OUTPUT -p tcp -d facebook.com --dport 443 -j DROP
It didn't work either... don't know what exactly was the problem.
Then later on I tried blocking before NAT using the pattern below:
iptables -t nat -I PREROUTING -m tcp -p tcp -d www.facebook.com --dport 443 -j DROP
Guess what, it worked... I even customized it a bit more using more commands:
iptables -t nat -I PREROUTING -m tcp -p tcp -m iprange --dst-range 18.104.22.168-22.214.171.124 --dport 80 -j DROP
iptables -t nat -I PREROUTING -m tcp -p tcp -d 126.96.36.199 --dport 80 -j DROP
iptables -t nat -I PREROUTING -m tcp -p tcp -d 188.8.131.52 --dport 443 -j DROP
iptables -t nat -I PREROUTING -m tcp -p tcp -m iprange --dst-range 184.108.40.206-220.127.116.11 --dport 443 -j DROP
I even blocked port 80 using iptables rather than using content filtering... Let me add more: I am not sure, but I think content filtering does not work with HTTPS. Please correct me if I am wrong...
Finally I was able to block the whole Facebook domain for both HTTP and HTTPS requests.
And on permanently adding the above commands to
and restarting the firewall, I need not worry about my commands being flushed.
Now I am able to block Facebook like a charm... it was really fun blocking it. The same procedure can be used to block any particular domain.
For blocking HTTPS for all domains, one can use a simpler method using protocol filtering.
The above method is for blocking a particular domain.
Hope this thread helps the people who are looking to block HTTPS for a particular domain.
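The rules in the post above, generalized into a small script as an added example (this is not code from the original post). It emits one `iptables -t nat -I PREROUTING ... -j DROP` rule per destination and per port (80 and 443), choosing `-d ADDR` for a single address and `-m iprange --dst-range` for a range, exactly the two forms the post used. The chain name, the `gen_block_rules`/`apply_block_rules` function names and the sample addresses (198.51.100.7 and 203.0.113.0-203.0.113.255, documentation ranges, not Facebook's) are this example's own assumptions. The script assumes iptables with the `tcp` and `iprange` match modules and root privileges when the rules are actually applied.

```shell
#!/bin/sh
# Added example: build iptables DROP rules for a site's addresses in the
# nat PREROUTING chain (the chain the post found effective on its gateway).
# Addresses and ranges are passed explicitly rather than as a hostname,
# because a "-d hostname" rule is resolved only once, when it is inserted.
# Assumed names: gen_block_rules, apply_block_rules; sample addresses are
# constructed documentation ranges, not any real site's.

# gen_block_rules CHAIN TARGET...
#   Print (without running) one iptables command per TARGET and per port.
#   TARGET is a single IPv4 address (uses -d) or a range a.b.c.d-e.f.g.h
#   (uses -m iprange --dst-range). Ports 80 and 443 are blocked for each.
gen_block_rules() {
    chain="$1"
    shift
    for target in "$@"; do
        for port in 80 443; do
            case "$target" in
                *-*)
                    printf 'iptables -t nat -I %s -p tcp -m iprange --dst-range %s --dport %s -j DROP\n' \
                        "$chain" "$target" "$port"
                    ;;
                *)
                    printf 'iptables -t nat -I %s -p tcp -d %s --dport %s -j DROP\n' \
                        "$chain" "$target" "$port"
                    ;;
            esac
        done
    done
}

# apply_block_rules CHAIN TARGET...
#   Same arguments; actually runs the generated commands (needs root).
#   "sh -e" stops at the first iptables command that fails.
apply_block_rules() {
    gen_block_rules "$@" | sh -e
}

# Dry run with constructed sample addresses: prints four rules, applies nothing.
gen_block_rules PREROUTING 198.51.100.7 203.0.113.0-203.0.113.255
```

Review the dry-run output first, then run `apply_block_rules PREROUTING <addresses>` as root. Because a site may answer from many addresses, collect the current ones (for example with `dig +short`) and pass each one, and remember that rules inserted this way are lost on a firewall restart unless saved with the distribution's iptables persistence mechanism, as the post notes.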