Solved

guide me for IPTABLES blocking any specific domain over https

Posted on 2010-11-08
6
494 Views
Last Modified: 2012-06-27
i want to block a block of public ip/domain for access over my network, the traffic goes over https as transperant squid doesnot block by creating list of blocked list, please guide
0
Comment
Question by:daniluv
6 Comments
 
LVL 11

Expert Comment

by:jgiordano
ID: 34088249
Squid will block domains, maybe the syntax you are using is wrong


Q. How do I block any website accessing the Internet using squid proxy server?

A. You can simply use squid ACL to block access to any web site. There are 3 steps:

#1. Create a text file with blocked domain name list such as baddomain1.com, mail.yahoo.com, gmail.com and so on

#2. Define Acl

#3. Restart squid

First, create a file called /etc/squid/blocked.domains.acl
# vi /etc/squid/blocked.domains.acl

Append domain names,
gmail.com
baddomain.com
sex.com
mail.yahoo.com

Save and close the file. Open squid.conf file:
# vi /etc/squid/squid.conf

Create acl called blockeddomain:
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"

Deny http access, enter:
http_access deny blockeddomain

Close and save the file. Restart squid proxy server:
# /etc/init.d/squid restart
0
 

Author Comment

by:daniluv
ID: 34088585
actually i want to block facebook and this way problem still persist, all i want is to work my iptables to drop the packets for a specift domain/ip which is not being able to be blocked through https...
0
 
LVL 12

Expert Comment

by:mccracky
ID: 34094716
iptables doesn't know about domains, on ip addresses.

You might try something like OpenDNS (www.opendns.com) to block "social networking" sites.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Expert Comment

by:aartha
ID: 34126851
Use squid acl to block instead of IPTABLE
create a text file using any editor named block.txt in /etc/squid/


####Create acl called block:
acl block url_regx -i "/etc/squid/block.txt"

#Do the following in appropriate place
http_access deny block

#Reconfigure squid proxy server:
squid -k reconfigure
0
 
LVL 4

Accepted Solution

by:
Thankxx earned 500 total points
ID: 34202841
Hello daniluv,

Try this to block facebook using iptables for both 443(SSL) and 80 port:

sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j REJECT
0
 

Author Closing Comment

by:daniluv
ID: 37006755
because squid does not judge the https traffic
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Migrating an SQL 2008 database to Oracle 12c 3 88
Edit linux file using python 4 40
nagios remote hosts 9 46
Printing to old printer through Linux (CUPS) Print Server? 7 47
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now