Thank you very much for your help. I also thought of the same, but it doesn't help me, because I would like to block this in a certain time window: it will be allowed only in lunch hours or after COB, so this might not work. Any suggestions for this scenario?

Thanks,

On Mon, Feb 27, 2012 at 8:45 PM, Naira Kaieski <naira@xxxxxxxxx> wrote:
> Hi,
>
> I can block https access on the firewall. Try it:
>
> IPTABLES=`which iptables`
>
> $IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
> $IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook
>
> or
>
> $IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp --dport 443 -j DROP # facebook
> $IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp --dport 443 -j DROP # facebook
>
> The rules above will block all traffic for the defined networks.
> Squid does not filter https traffic directly like http. I think that you
> are using a transparent proxy in your LAN.
>
> Naira Kaieski
> Linux Professional Institute - LPI 101
>
>
> On 27/2/2012 12:28, Muhammad Yousuf Khan wrote:
>
>> acl testdomain dstdomain .facebook.com
>> http_access deny testdomain
>>
>> Above is my acl. However, http works fine, it is blocked; now when I go to
>> https facebook it just allows it.
>> How can I stop this? Kindly help.
>>
>> Thank you.
>>
>> MYK
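
A time-restricted variant of the port 443 rules quoted above, as an added example that is not part of the original thread: it uses the iptables `time` match so the DROP applies only during working hours, leaving lunch, evenings and weekends unfiltered. The working-hour windows, the weekday list and the function names `gen_rules` and `apply_rules` are assumptions; the networks are the ones from the quoted reply, and `--kerneltz` needs an iptables and kernel that support it.

```shell
#!/bin/sh
# Added example: time-windowed version of the HTTPS DROP rules quoted above.
# Assumed working hours (not from the thread): Mon-Fri 09:00-12:00 and 13:00-17:00.
# Outside those windows (lunch, after close of business, weekends) no rule
# matches, so the traffic is forwarded as usual.

# Networks copied from the quoted reply.
FACEBOOK_NETS="66.220.149.0/24 69.63.190.0/24 69.171.224.0/24 69.171.229.0/24 72.246.62.0/24"
BLOCK_WINDOWS="09:00-12:00 13:00-17:00"   # assumed; adjust to local policy
BLOCK_DAYS="Mon,Tue,Wed,Thu,Fri"          # assumed

# Print one iptables command per (network, window) pair.
# The time match compares against UTC unless --kerneltz is given.
gen_rules() {
    for net in $FACEBOOK_NETS; do
        for win in $BLOCK_WINDOWS; do
            start=${win%-*}   # text before the dash
            stop=${win#*-}    # text after the dash
            echo "iptables -A FORWARD -d $net -p tcp --dport 443" \
                 "-m time --kerneltz --weekdays $BLOCK_DAYS" \
                 "--timestart $start --timestop $stop -j DROP"
        done
    done
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to load them.
apply_rules() {
    gen_rules | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_rules
```

Because the DROP matches every packet to port 443 in the window, not only new connections, a session opened during lunch stops passing traffic once the next window starts.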