Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

guide me for IPTABLES blocking any specific domain over https

Posted on 2010-11-08
6
501 Views
Last Modified: 2012-06-27
i want to block a block of public ip/domain for access over my network, the traffic goes over https as transperant squid doesnot block by creating list of blocked list, please guide
0
Comment
Question by:daniluv
6 Comments
 
LVL 11

Expert Comment

by:jgiordano
ID: 34088249
Squid will block domains, maybe the syntax you are using is wrong


Q. How do I block any website accessing the Internet using squid proxy server?

A. You can simply use squid ACL to block access to any web site. There are 3 steps:

#1. Create a text file with blocked domain name list such as baddomain1.com, mail.yahoo.com, gmail.com and so on

#2. Define Acl

#3. Restart squid

First, create a file called /etc/squid/blocked.domains.acl
# vi /etc/squid/blocked.domains.acl

Append domain names,
gmail.com
baddomain.com
sex.com
mail.yahoo.com

Save and close the file. Open squid.conf file:
# vi /etc/squid/squid.conf

Create acl called blockeddomain:
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"

Deny http access, enter:
http_access deny blockeddomain

Close and save the file. Restart squid proxy server:
# /etc/init.d/squid restart
0
 

Author Comment

by:daniluv
ID: 34088585
actually i want to block facebook and this way problem still persist, all i want is to work my iptables to drop the packets for a specift domain/ip which is not being able to be blocked through https...
0
 
LVL 12

Expert Comment

by:mccracky
ID: 34094716
iptables doesn't know about domains, on ip addresses.

You might try something like OpenDNS (www.opendns.com) to block "social networking" sites.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 1

Expert Comment

by:aartha
ID: 34126851
Use squid acl to block instead of IPTABLE
create a text file using any editor named block.txt in /etc/squid/


####Create acl called block:
acl block url_regx -i "/etc/squid/block.txt"

#Do the following in appropriate place
http_access deny block

#Reconfigure squid proxy server:
squid -k reconfigure
0
 
LVL 4

Accepted Solution

by:
Thankxx earned 500 total points
ID: 34202841
Hello daniluv,

Try this to block facebook using iptables for both 443(SSL) and 80 port:

sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j REJECT
sudo /sbin/iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j REJECT
0
 

Author Closing Comment

by:daniluv
ID: 37006755
because squid does not judge the https traffic
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
(Open)LDAP V2.44  search proxy to AD (W2012R2) 37 173
awk sed 8 67
cannot rename datastore 3 72
How does PHP Storm display on Linux high resolution laptops? 1 37
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question