Koozali.org: home of the SME Server

Filter https access to facebook

Offline masotsha

  • 14
  • +0/-0
Filter https access to facebook
« on: February 02, 2015, 12:07:40 PM »
Hello,

I'm using smeserver-webfilter. I notice users can bypass squidguard filtering to facebook by just typing https://www.facebook.com. How do I enforce filter of https to such sites?

Offline Stefano

  • *
  • 10,819
  • +1/-0
Re: Filter https access to facebook
« Reply #1 on: February 02, 2015, 02:39:24 PM »
search with google for "squid rule block facebook".. I remember the "connect" key but can't help you more..

then it's "only" a matter of creating the right fragment, come back here

Offline Stefano

  • *
  • 10,819
  • +1/-0
Re: Filter https access to facebook
« Reply #2 on: February 02, 2015, 04:41:22 PM »
ok..

Code: [Select]
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
cd /etc/e-smith/templates-custom/etc/squid/squid.conf
nano 20ACL40bannedsites

the content must be:
Code: [Select]
acl bannedsites dstdomain .facebook.com

save and exit, then
Code: [Select]
nano 40http_access15denyconnectBannedsites

the content must be:
Code: [Select]
http_access deny CONNECT bannedsites

save and exit, then

Code: [Select]
signal-event proxy-update

tested on SME 8.1, working for me.. in the first fragment you can add, on the same line, as many domain as you need, separated with a space

Offline Stefano

  • *
  • 10,819
  • +1/-0
Re: Filter https access to facebook
« Reply #3 on: February 02, 2015, 05:09:28 PM »
I can confirm it works for me in SME 8 and SME 9

Offline stephdl

  • *
  • 1,514
  • +0/-0
    • Linux et Geekeries
Re: Filter https access to facebook
« Reply #4 on: February 02, 2015, 11:24:57 PM »
does this is referenced somewhere in the documentation ?
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

guest22

Re: Filter https access to facebook
« Reply #5 on: February 03, 2015, 02:06:29 AM »

Offline Stefano

  • *
  • 10,819
  • +1/-0
Re: Filter https access to facebook
« Reply #6 on: February 03, 2015, 10:03:40 AM »
@stephdl: AFAIK no
@RequestedDeletion: AFAIK, neither squidguard nor dansguardian contrib can selectively deny access to https sites

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Filter https access to facebook
« Reply #7 on: February 03, 2015, 09:21:50 PM »
masotsha

Here is one way:

Add whatever domain you wish to block access to eg facebook.com, as a virtual domain in the Domains panel of server manager.
Configure the panel to resolve DNS locally for that domain, & then when users access https://facebook.com they will be directed to your main domain website.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Filter https access to facebook
« Reply #8 on: February 03, 2015, 09:24:59 PM »
Stefano

Quote
AFAIK, neither squidguard nor dansguardian contrib can selectively deny access to https sites

In DG you can block access to the login site (check logs to see actual pages being accessed), if you cannot login you cannot access facebook etc.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline Stefano

  • *
  • 10,819
  • +1/-0
Re: Filter https access to facebook
« Reply #9 on: February 03, 2015, 10:01:45 PM »
masotsha

Here is one way:

Add whatever domain you wish to block access to eg facebook.com, as a virtual domain in the Domains panel of server manager.
Configure the panel to resolve DNS locally for that domain, & then when users access https://facebook.com they will be directed to your main domain website.


in this way you have some side effects.. let's say I want to block playboy.com (i.e. I don't want my user surf playboy's website).. if I add playboycom to my domains, I'll never be able to send an email to that domain.. and this can be an issue...

Offline Stefano

  • *
  • 10,819
  • +1/-0
Re: Filter https access to facebook
« Reply #10 on: February 03, 2015, 10:02:14 PM »
Stefano

In DG you can block access to the login site (check logs to see actual pages being accessed), if you cannot login you cannot access facebook etc.

AFAIK DG doesn't block https sites

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Filter https access to facebook
« Reply #11 on: February 03, 2015, 10:12:15 PM »
Stefano

The OP wants workaround solutions, so sometimes there are consequences eg email issues you mention.
I have seperately advised OP to use DG if more control is required.

Re site login, typically/usually/often a site will access other sites during the https login process. You can see these in the access logs eg squid. If you block those (with DG or however), then you block access to the main site of concern.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.