Hi,
I can block https access on firewall. Try it:
IPTABLES=`which iptables`
$IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
$IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook
or
$IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp --dport 443 -j DROP #
facebook
$IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp --dport 443 -j DROP # facebook
$IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp --dport 443 -j DROP #
facebook
$IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp --dport 443 -j DROP #
facebook
$IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp --dport 443 -j DROP # facebook
The rules above will block all traffic for the defined networks.
Squid does not filter https traffic directly like the http. I think that
you are using transparent proxy in your LAN.
Naira Kaieski
Linux Professional Institute - LPI 101
Em 27/2/2012 12:28, Muhammad Yousuf Khan escreveu:
acl testdomain dstdomain .facebook.com
http_access deny testdomain
above is my acl how ever http works fine it blocked now when i go to
https facebook it just allow it.
how can i stop this. kindly help
Thank you.
MYK
