On 21/08/2013 11:58 p.m., Alfredo Rezinovsky wrote:
On 20/08/13 21:21, junio wrote:
I'm okay to block facebook in the company I work for, I cannot redirect port 443 successfully.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/how-do-I-block-facebook-tp4661678.html
Sent from the Squid - Users mailing list archive at Nabble.com.

If you cannot redirect port 443 you should block facebook in a lower
layer, not squid.

You can poison your DNS so it doesn't answer facebook.com and fbcdn.net
queries. This will work only if all your clients are using your DNS.
You can redirect all the tcp/udp port 53 traffic to your own DNS to
ensure this.

Another way is to block the traffic in the IP layer. With:

    whois -h whois.radb.net '!gAS32934'

you can have an updated list of facebook IPs.

Thinking of which, there is the dst_as ACL type in Squid to block based
on the ASN number. It also requires a whois server configured in the
as_whois_server directive.
PS. I'm not sure how well it works since IPv6 support was added.
Feedback welcome.
Amos
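
An added example, not part of the thread or of Squid: one way to turn the reply of the `whois -h whois.radb.net '!gAS32934'` query mentioned above into a validated IPv4 block list for the IP layer. The sample reply is constructed from documentation prefixes, and the ipset set names `fb_block` and `fb_block_new` are hypothetical (the live set is assumed to exist already).

```python
import ipaddress
import re
import sys

# Constructed sample in the IRRd "!g" reply shape: A<byte count>, data, C.
# Documentation prefixes plus two bad entries; not real AS32934 data.
_DATA = ("192.0.2.0/25 192.0.2.128/25 198.51.100.0/24 "
         "203.0.113.0/24 0.0.0.0/0 bogus")
SAMPLE_REPLY = "A%d\n%s\nC\n" % (len(_DATA) + 1, _DATA)


def parse_irr_reply(reply, min_prefixlen=8):
    """Return (networks, rejected_tokens); raise ValueError if unusable."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    start = next((i for i, ln in enumerate(lines)
                  if re.fullmatch(r"A\d+", ln)), None)
    if start is None or "C" not in lines[start + 1:]:
        # "C" alone, "D" (key not found) and "F ..." (error) all land here,
        # so a failed lookup never produces an empty block list.
        raise ValueError("no prefix data in reply")
    end = lines.index("C", start + 1)
    nets, rejected = [], []
    for token in " ".join(lines[start + 1:end]).split():
        try:
            net = ipaddress.ip_network(token, strict=True)
        except ValueError:
            rejected.append(token)
            continue
        # Registry data is untrusted: refuse IPv6 here and anything so
        # broad that one bad route object would block large parts of the net.
        if net.version != 4 or net.prefixlen < min_prefixlen:
            rejected.append(token)
        else:
            nets.append(net)
    if not nets:
        raise ValueError("reply contained no acceptable prefixes")
    return list(ipaddress.collapse_addresses(nets)), rejected


def ipset_restore_script(nets, live="fb_block", staging="fb_block_new"):
    """Build input for `ipset restore`; set names are hypothetical."""
    out = ["create %s hash:net family inet" % staging]
    out += ["add %s %s" % (staging, n) for n in nets]
    # Swap only after the staging set is complete, then drop the old copy.
    out += ["swap %s %s" % (staging, live), "destroy %s" % staging]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    networks, bad = parse_irr_reply(SAMPLE_REPLY)
    print(ipset_restore_script(networks), end="")
    print("rejected:", bad, file=sys.stderr)
```

Because the parser raises on an error or empty reply, a failed registry lookup leaves the previously loaded set in place instead of replacing it with nothing.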