Solved

how to block https facebook.com?

Posted on 2011-03-02
22
7,475 Views
Last Modified: 2012-05-11
I blocked facebook.com  and youtube.com in firewall and  users cant open this sites.

but when they try to open  https://facebook.com or  https://youtube.com my block rule dont works...

how can i block https://facebook.com and Https://youtube.com ???

We use sonicwall firewall.
0
Comment
Question by:Mirceyhun
  • 9
  • 9
  • 2
  • +2
22 Comments
 
LVL 7

Expert Comment

by:wparrott
Comment Utility
Easiest way is with the SonicWall SSL Control Feature.

Here's a link to step-by-step instructions:

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5853&formaction=catalert

HTH,

-W
0
 

Author Comment

by:Mirceyhun
Comment Utility
sorry... but it didnt help... (
0
 
LVL 6

Expert Comment

by:alienXeno
Comment Utility
You can just blackhole these sites in your internal corp DNS. redirect them to some internal webserver hosting a block page  or just resolve them to 127.0.0.1.
0
 

Author Comment

by:Mirceyhun
Comment Utility
Our VIP users must be able to open Facebook and Youtube...
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
what model of sonicwall do you have? is it enhanced or standard OS?

i think you need to enable the following on your sonicwall: go to security services > content filter > Configure > check Enable IP based HTTPS Content Filtering.
0
 

Author Comment

by:Mirceyhun
Comment Utility
Sonicwall nsa2400

IP based HTTPS Content Filtering  enabled... but didnt help
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
reading through the comments again, i see some contradiction. you say in your question that you want to disable https://facebook.com, but then i see you need it opened? can you elaborate on this a little?
0
 
LVL 1

Expert Comment

by:Akash Bansal
Comment Utility
i am having the similar issue, I have CISCO RVS4000 with protectlink security service which helps me to block web category
It blocks facebook.com but when the user put https://facebook.com it does not block the site.
I do not want to modify LMHOST on each computer.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
@Mirceyhun :: doing some more looking, i discovered the KB below.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3590

with that, if you use the following public IPs to suplement that check box checked in the forbidden domain, 69.63.181.12, 69.63.189.11, 69.63.189.16, i think you'll find that https://www.facebook.com will be blocked.

@BansalAkash :: Do you currently have a question open for this particular issue?
0
 

Author Comment

by:Mirceyhun
Comment Utility
Ip blocking didnt help
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
clarification, you need facebook blocked whether HTTP or HTTPS, right? currently, on ANY workstation, facebook for HTTP is being blocked, but ANY workstation that tries to connect at HTTPS for facebook isn't blocked, right?

so, the content filter IS working, but not for ANY HTTPS sites, right?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Expert Comment

by:Akash Bansal
Comment Utility
@digitap its true in my case
No I haven't opened any case for this question
0
 

Author Comment

by:Mirceyhun
Comment Utility
@ yes you are right
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
ok...let's change things up a bit. review the kb below. it walks through using the application firewall. are you licensed for that?

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8190
0
 

Author Comment

by:Mirceyhun
Comment Utility
I tried it. but users still can access https facebook ((
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
something else is going on. i can't say for certain without seeing your settings. is the firmware up to date on your sonicwall? sorry, if that's already been covered.
0
 

Author Comment

by:Mirceyhun
Comment Utility
our license expired in 25.02.2011. new license will come in aprel... but i dont think that is a reason... because everythink works fine yet. and we can block sites. only https sites are problem.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
i know it seems hard to believe, but you've followed all of the KBs i've posted so it the only thing left i can think of is the firmware. what version are you currently on?
0
 

Author Comment

by:Mirceyhun
Comment Utility
5.6.0.10-52 - firmvare version
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
Comment Utility
you have the version right before the Early Release, which is at version 5.8.0.2-37o. Early Release is not beta and includes fixes but also features that have not been enabled yet. i've been instructed by support to install Early Release firmware to resolve issues. also, i've seen early release firmware resolve issues that were not in the release notes.

by the way, your current issue is NOT mentioned in the release notes.
0
 

Author Closing Comment

by:Mirceyhun
Comment Utility
thanks i will try
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
ok...report back one way or the other. i don't want to claim the points if this wasn't the solution, although i appreciate the points.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now