Re: [squid-users] https facebook dstdomain acl doesn't work

From: Muhammad Yousuf Khan <sirtcp_at_gmail.com>
Date: Wed, 29 Feb 2012 01:27:42 +0500

Thanks,

if i use squid as non transparent proxy would it work for HTTPS for
just blocking a domain.

Thanks.

On Tue, Feb 28, 2012 at 3:13 PM, Matus UHLAR - fantomas
<uhlar_at_fantomas.sk> wrote:
> On 28.02.12 01:24, Muhammad Yousuf Khan wrote:
>>
>> Thank you very much for you help i also thought for the same but it
>> doesn't help me. because i like to block this on certain time window.
>> like it will b allowed only in lunch hours or after COB so this might
>> not work. any suggestion on this scenario.
>
>
> then you need to deny CONNECT requests to those ranges at particular time.
> Note that HTTPS is encrypted, so you can not really know which site/page do
> the people access.
> Also note that when people can contact those ranges directly, denying them
> on squid will not help.
>
>> On Mon, Feb 27, 2012 at 8:45 PM, Naira Kaieski <naira_at_faccat.br> wrote:
>>>
>>> $IPTABLES -A FORWARD -d 66.220.149.0/24 -p tcp -j DROP # facebook
>>> $IPTABLES -A FORWARD -d 69.63.190.0/24 -p tcp -j DROP # facebook
>>> $IPTABLES -A FORWARD -d 69.171.224.0/24 -p tcp -j DROP # facebook
>>> $IPTABLES -A FORWARD -d 69.171.229.0/24 -p tcp -j DROP # facebook
>>> $IPTABLES -A FORWARD -d 72.246.62.0/24 -p tcp -j DROP # facebook
>
> --
> Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Despite the cost of living, have you noticed how popular it remains?
Received on Tue Feb 28 2012 - 20:27:50 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 29 2012 - 12:00:06 MST