If you donĀ“t want any www.facebook.com connections at all you can use the DNS Forwarder to change its IP to something else...
On 30 June 2010 17:29, Luke Jaeger <[email protected]> wrote: > thanks Jim - > > I got the impression from reading the pfsense forum that there is a way to > block https for specific domains by denying the connect method - am I > understanding this wrong? > > Otherwise I might give WPAD a try. > > > Luke Jaeger | Technology Coordinator > Pioneer Valley Performing Arts Charter Public School > www.pvpa.org > > On Jun 30, 2010, at 4:06 PM, Jim Pingle wrote: > > On 6/30/2010 4:00 PM, Luke Jaeger wrote: >> >>> I decided to enable transparent proxy on my school firewall because I >>> was getting a million requests a day to configure proxy settings on >>> student laptops. >>> >>> But now that I turned on transparent proxy, students have discovered >>> that they can get to banned sites (like facebook) via https. >>> http://www.facebook.com is blocked but https://www.facebook.com still >>> works. >>> >>> Can someone let me know how to block these? I understand I have to deny >>> the 'connect method' but don't see where to do this. Can this only be >>> done in command line? >>> >> >> You cannot transparently proxy SSL connections. You would have to deny >> outbound access to port 443 and if they want SSL, they must configure >> the proxy settings into their browser(s) either by hand or automatically >> with something like WPAD. >> >> Jim >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> Commercial support available - https://portal.pfsense.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > -- "Those of you who think you know it all upset us who do!"
