IP ranges to block FaceBook and Myspace?


I need to block facebook and myspace (any suggestion of a like sites is welcome),
But I could not know the exact IPs to block, and I'm afrai to block the whole  69.63.x.x range. for facebook, it might include other websites.
Any Help is appreciated
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Here are some facebook ips
 www.facebook.com A INET
 www.facebook.com A INET
 www.facebook.com A INET
 www.facebook.com A INET
 www.facebook.com A INET
 www.facebook.com A INET

You can search for myspace ips also, but your best bet is to get some type of content/web filter. If cost is an issue. There is a good open source solution called Untangle. I use this at home for my kids. It works well. www.untangle.com

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
how many computers?
You could add this to the host file on the computer. If the user is not admin they cannot change it.

open it with notepad and add these lines at the bottom.

that is domainName  TAB  IPaddress

this will force the machine to connect to the loopback address for those domain names.

Donnie is on to something. That makes a lot of sense too. Take into account that these sites have lots of subdomains also.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

khamees79Author Commented:
Thanks guys, I'm talking about 80+ computers, so editing host files is not an option for me,
as I need a flexible solution to allow some, add more domains in the black list,etcc
Untangle might be an option (can not afford ISA server now), I downloaded it today, will test tomorrow.
If you guys can suggest some open source suite that can cache the sites too, I would be very thankful.
I will return with more info about my test soon.

Best Regards
If you did want to edit the host file of all of the computers you could just write a login script that would copy the update host file, or use a group policy.

As for open source caching I have heard that squid is pretty good. Haven't used it myself, but plan on messing around with it when I get some time.

You could add the domain names to your internal dns, this would cause the traffic to drop. I think this is sloppy but it would work.

Trying to blacklist IP's is a nightmare.

You should have no trouble finding open source firewall with url filter

the problem is to deploy in production will require testing for stability and security.

The ASA 5505 will do what you are asking using RegEX.


I agree with the addition of catchall DNS names in your local DNS server that resolve to something like your homepage or another location you pick.
You will need to create a new DNS zone in your DNS server for facebook.com or whatever other sites you want to block and then add an a record for * to catchall subdomains they might try and also a blank record. This should solve your problem.
BTW - this cannot be done with an ASA 5505 to my knowledge... it requires the CSC module it at minimum an ASA 5510.
khamees79Author Commented:
changing the DNS would create a problem, as some employees need these sites to be open for their work. so i'm considering Untangle , i did not use it yet, but i read many good things about it, specially the add on to integrate it with AD.
for the time being, i'll just block the popular IPs of facebook, then pray .

thanks all for your help.
khamees79Author Commented:
one more thing,  I wounder SOULJA if you can give me a hint (or a frame script ) that will edit the host files?
Interesting debate, and I can see the need sometimes, but...

Is it not possible to log the access to those sites, and then tell users that they loose their job accessing it, if it's not part of their job to do so?

That's what we do.
I agree! We are Adminstrators, not policemen!

For the companies I have worked for, It is my job that is lost if I'm not successful at blocking unwanted non company related material.

Agreed it's not our job, but sometimes it can mean the difference between keeping someone on who is a good salesperson and letting them go because they won't listen to instruction. So for the good of the company...
Pete LongTechnical ConsultantCommented:
using MPF to block Facebook http://www.petenetlive.com/TecBin/KB/0000054.htm
Pete LongTechnical ConsultantCommented:
Might be better off blocking by regex on dns names and a policy map


Its easy to add other domains using this method - once set up just add a regex for the domain names to block
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.