Re: [squid-users] https facebook dstdomain acl doesn't work

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Tue, 28 Feb 2012 11:13:15 +0100

On 28.02.12 01:24, Muhammad Yousuf Khan wrote:
>Thank you very much for you help i also thought for the same but it
>doesn't help me. because i like to block this on certain time window.
>like it will b allowed only in lunch hours or after COB so this might
>not work. any suggestion on this scenario.

then you need to deny CONNECT requests to those ranges at particular
time.
Note that HTTPS is encrypted, so you can not really know which
site/page do the people access.

Also note that when people can contact those ranges directly, denying
them on squid will not help.

>On Mon, Feb 27, 2012 at 8:45 PM, Naira Kaieski <naira_at_faccat.br> wrote:
>> $IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
>> $IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
>> $IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
>> $IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
>> $IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook

-- 
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 
Received on Tue Feb 28 2012 - 10:13:24 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 29 2012 - 12:00:06 MST