How to Block https www.facebook.com

Posted by Ramel de la Cruz at 2:18 PM

There are so many questions on how to block https facebook.com in the internet, yet there is no easy answer for it. Facebook and other social networking are blocked in school and other other establishment for the reason that it affects the learning process of students and productivity of employees.

In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http.  To solve the problem I need to block https facebook in firewall rules.

To do this  of course we need to a pfsense firewall in our network. We need to download the pfsense installer from this link. You need also to install the squid proxy server to block some of the restricted websites. Here is how to install and configure Squid as a transparent proxy on pfSense

Assuming that you already have pfSense setup. The next thing that we’re going to make is an alias. Select ‘Aliases’ from the firewall menu. Hit the ‘+’ icon to make a new one. You’ll see a screen that looks like this:
Provide the name of the alias, add the host, set the type of an alias as a network ,you can also add a description, and most importantly, you’ll need to specify it by IP address then select the CIDR (network mask) that pertains to each entry. Please refer to this post, Facebook IP addresses, to use the appropriate facebook IP addresses.

Create another alias for the port. Use port 443 for https and port 80 for http websites.
We’ve created the needed aliases, so now we need to tell pfSense to do something about it. So, from the Firewall menu again, add a Rule. We need the rule to go on our LAN tab.
Set the above rules based on these criteria:
  • Reject the the traffic from the LAN
  • TCP connections
  • source is LAN subnet
  • Destination - select host or alias and put in the name of your alias.
  • Set the Destination ports as other and select https
  • No need for any of the advanced options
  • leave the schedule as none
  • leave the gateway default
  • and give it a descriptive name for future reference. 
  • Now, Save and Apply. You’re done.
This is the easy way to block HTTPS websites including facebook.com in pfsense server. If there are better methods to  block https websites, please leave a comment on this page.

UPDATEIn addition, you can use www.nwtools.com to determine the CIDR of the sites you wish to block. 

7 comments:

Farihin Fong said...

but facebook's IP addresses are plenty. How do you block them all?

February 27, 2012 at 9:56 PM
Ramel de la Cruz said...

Please refer to this page..
The IP addresses of Facebook


I been using these IP addresses of facebook and it's working.

March 6, 2012 at 4:53 AM
Anonymous said...

hi sir how about CIDR needed in the settings?

March 28, 2012 at 9:51 PM
Anonymous said...

Using squid in non-transparent mode will block https. You need to set up pfsense as a wpad server, or alternatively set each client browser manually to access the proxy.Plenty of info on the pfsense site, not difficult to do.

June 29, 2012 at 8:15 AM
Anonymous said...

It works well. I tried it by blocking rapidshare.com. Thanks!

July 2, 2012 at 8:49 AM
Anonymous said...

I used OpenDNS...

February 5, 2013 at 3:20 AM
linux said...

If u have Good antivirus with parental control , then u can block https site on that particular PC. It will be the best if u have server edition.
I have Quickheal 2013 total security . it works great.
From
Nitin-India

February 26, 2013 at 2:15 AM

Post a Comment

Subscribe to: Post Comments (Atom)