
ClearFoundation

Forums
Blocking Https---SOLVED
#16002
Blocking Https---SOLVED 4 Years ago  
Hi people,
Got something to share with you all. A day before, I got a request to block a particular site using HTTPS. I tried using Squid but had no luck. On reading through different topics I realized HTTPS does not go through Squid; it simply bypasses Squid, so trying to block HTTPS with Squid was worthless.
Then, moving on further, I tried blocking with iptables using the pattern below:
Code:

iptables -I OUTPUT -d facebook.com --dport 443 -j DROP


It didn't work either; I don't know what exactly the problem was.
Then later on I tried blocking before NAT using the pattern below:
Code:

iptables -t nat -I PREROUTING -m tcp -p tcp -d www.facebook.com --dport 443 -j DROP


Guess what, it worked. I even customized it a bit more using more commands:
Code:

iptables -t nat -I PREROUTING -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j DROP
iptables -t nat -I PREROUTING -m tcp -p tcp -d 66.220.147.22 --dport 80 -j DROP
iptables -t nat -I PREROUTING -m tcp -p tcp -d 66.220.147.22 --dport 443 -j DROP
iptables -t nat -I PREROUTING -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j DROP


I even blocked port 80 using iptables rather than using the content filtering. Let me add more: I am not sure, but I think content filtering does not work with HTTPS. Please correct me if I am wrong.

Finally I was able to block the whole Facebook domain for both HTTP and HTTPS requests.
On permanently adding the above commands to
Code:

/etc/rc.d/rc.firewall.local

and restarting the firewall, I need not worry about my commands being flushed.
Now I am able to block Facebook like a charm; it was really fun blocking it. The same procedure can be used to block any particular domain.
For blocking HTTPS for all domains, one can use a simpler method using the protocol filtering.
The above method is for blocking a particular domain.
Hope this thread helps the people who are looking to block HTTPS for a particular domain.

~prahmod
Pramod Giri
Senior Boarder
Posts: 58
 
#21541
Re:Blocking Https---SOLVED 3 Years, 8 Months ago  
I can still access https://facebook.com, despite applying the iptables rules above.
Are there other solutions?
Andi Micro
Expert Boarder
Posts: 149
My Personal Website : www.andimicro.com
ClearOS Indonesia Community : www.clearos.or.id
Company : PT. Netsindo Sentra Computama
 
#22069
Re:Blocking Https---SOLVED 3 Years, 8 Months ago  
Facebook has lots of domains, and the above is what I found when I queried my DNS servers for Facebook domains. So maybe these domains are not enough in your area; your DNS server may be issuing a new Facebook domain. You should just nslookup the Facebook domain, query whois, and add commands as above with the newly gained IP address.
I am sure in your case it is blocking some Facebook requests, but it is still opening due to new, unblocked Facebook domains which your DNS server is issuing in your area. Try blocking those IP ranges.

~prahmod
Pramod Giri
Senior Boarder
Posts: 58
 
#22070
Re:Blocking Https---SOLVED 3 Years, 8 Months ago  
Also, if the URL is always https://facebook.com you could put that in your hosts file on ClearOS and point it to 127.0.0.1. You may also need entries for https://www.facebook.com and the HTTP equivalents. This will cause the lookups to fail. It won't block direct IP access (or if someone is really cute they could then edit their local hosts file and add valid IPs back in for the blocked URLs).

[edit]I am getting completely different IPs for facebook.com and www.facebook.com. For www.facebook.com I am getting 66.220.149.18, and a whois gives a whole range of 66.220.144.0/20. The firewall rules posted above only picked up one IP in this range. Also note that you can use this address form with -d, so you can do "-d 69.63.176.0/20" instead of "iprange --dst-range 69.63.176.0-69.63.191.255". I would also drop any reference to the port and protocol. It simplifies the rules and makes them more encompassing. Try:
Code:

iptables -t nat -I PREROUTING -d 69.63.176.0/20 -j DROP
iptables -t nat -I PREROUTING -d 66.220.144.0/20 -j DROP


[/edit]
Nick Howitt
Platinum Boarder
Posts: 5769
Last Edit: 2011/01/07 07:36 By NickH.
 
#22238
Re:Blocking Https---SOLVED 3 Years, 8 Months ago  
Pramod Giri wrote: I am not sure, but I think content filtering does not work with HTTPS. Please correct me if I am wrong.


That is correct. Because HTTPS is encrypted, Dansguardian cannot look inside of those requests and responses, so it cannot apply filtering.

I'm on the Dansguardian email list, and this was discussed recently.
Mark
Fresh Boarder
Posts: 8
Last Edit: 2010/12/26 17:00 By Kilroy.
 
#29627
Re:Blocking Https---SOLVED 3 Years, 2 Months ago  
${TONG_D} -p tcp --dport 443 -j REDIRECT --to-port 3128 > /dev/null
${TONG_B} -p tcp --dport 443 -j REDIRECT --to-port 3128
somlith phouangmany
Fresh Boarder
Posts: 3
 
#29629
Re:Blocking Https---SOLVED 3 Years, 2 Months ago  
somlith phouangmany wrote:
${TONG_D} -p tcp --dport 443 -j REDIRECT --to-port 3128 > /dev/null
${TONG_B} -p tcp --dport 443 -j REDIRECT --to-port 3128


I haven't checked that without content filtering, but with content filtering and redirecting to port 8080 it would cause an SSL error on most of the pages. HTTP works fine; the problem occurs with most HTTPS sites in Firefox.
So I would not recommend that in a production environment.

~prahmod
Pramod Giri
Senior Boarder
Posts: 58
 
#29632
Re:Blocking Https---SOLVED 3 Years, 2 Months ago  
Let's try the below; 192.168.0.191 is the bypass IP.

${TONG_P} -s ! 192.168.0.191 -d 69.171.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 66.220.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 64.208.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 61.213.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 96.16.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 125.56.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 125.252.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 210.161.0.0/16 -p tcp --dport 443 -j DROP
somlith phouangmany
Fresh Boarder
Posts: 3
 
#29636
Re:Blocking Https---SOLVED 3 Years, 2 Months ago  
somlith phouangmany wrote:
Let's try the below; 192.168.0.191 is the bypass IP.

${TONG_P} -s ! 192.168.0.191 -d 69.171.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 66.220.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 64.208.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 61.213.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 96.16.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 125.56.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 125.252.0.0/16 -p tcp --dport 443 -j DROP
${TONG_P} -s ! 192.168.0.191 -d 210.161.0.0/16 -p tcp --dport 443 -j DROP


Hey, you are just blocking the whole subnet. Not all the IPs in the subnet are owned by the server, like Facebook or Google; they only have some different pools, not those large subnets.
The above will also block wanted pages.
Why not just try

$ iptables -t nat -I PREROUTING -p tcp --dport 443 -j DROP

~prahmod
Pramod Giri
Senior Boarder
Posts: 58
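As an added example (not code from any post in this thread), this Python script turns the address blocks quoted above into a deduplicated rule set, following Nick's suggestion of CIDR notation with no port or protocol, and quantifies the over-blocking that the /16 rules in the later exchange would cause. The chain name BLOCK_SITE, the bypass host and the sample ranges are assumptions taken from the thread; the script only prints the commands, it does not run them.

```python
import ipaddress
from typing import List, Optional

# Constructed input: the address blocks quoted in this thread. Allocations
# change over time, so re-check each block with whois before deploying.
RANGES = [
    "69.63.176.0-69.63.191.255",  # iprange form used in the first post
    "66.220.144.0/20",            # whois block quoted by Nick
    "66.220.147.22",              # host from the first post, already inside that /20
]
BYPASS_SRC = "192.168.0.191"      # assumed bypass host, as in somlith's rules

def parse_range(spec: str) -> List[ipaddress.IPv4Network]:
    """Turn 'a.b.c.d-e.f.g.h', 'a.b.c.d/nn' or a bare host into CIDR blocks."""
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.IPv4Network(spec, strict=False)]

def collapse(specs: List[str]) -> List[ipaddress.IPv4Network]:
    """Merge overlapping blocks so a host already covered by a /20 adds no rule."""
    return list(ipaddress.collapse_addresses(n for s in specs for n in parse_range(s)))

def build_rules(specs: List[str], chain: str = "BLOCK_SITE",
                bypass_src: Optional[str] = None) -> List[str]:
    """Return the iptables commands (strings, not executed) for the thread's nat
    PREROUTING approach, in a dedicated chain so a rerun rebuilds the rules
    instead of stacking duplicates. No -p/--dport, so HTTP and HTTPS both drop."""
    rules = [f"iptables -t nat -N {chain} 2>/dev/null || iptables -t nat -F {chain}"]
    if bypass_src:
        rules.append(f"iptables -t nat -A {chain} -s {bypass_src} -j RETURN")
    for net in collapse(specs):
        rules.append(f"iptables -t nat -A {chain} -d {net.with_prefixlen} -j DROP")
    # -C needs iptables >= 1.4.11; on older builds insert the jump once at boot.
    rules.append(f"iptables -t nat -C PREROUTING -j {chain} 2>/dev/null "
                 f"|| iptables -t nat -I PREROUTING -j {chain}")
    return rules

def overblock(proposed: str, allocated: str) -> int:
    """Addresses a wide rule such as a /16 hits beyond the whois-allocated block."""
    p, a = ipaddress.IPv4Network(proposed), ipaddress.IPv4Network(allocated)
    if not a.subnet_of(p):
        raise ValueError(f"{allocated} is not inside {proposed}")
    return p.num_addresses - a.num_addresses

if __name__ == "__main__":
    print("\n".join(build_rules(RANGES, bypass_src=BYPASS_SRC)))
    print("# extra addresses hit by 66.220.0.0/16:",
          overblock("66.220.0.0/16", "66.220.144.0/20"))
```

The generated commands can be pasted into /etc/rc.d/rc.firewall.local as the first post describes; the bypass RETURN rule sits before the DROP rules so the exempt host is never affected.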
 
#36679
Re:Blocking Https---SOLVED 2 Years, 7 Months ago  
You are right. We can block or redirect port 443 for all, but in some exceptional cases like some banking sites or Google Apps sites, it is causing problems. Could anyone suggest further help?

Thanks and regards
kaustuva
kaustuva
Fresh Boarder
Posts: 3