On 30/06/10 21:29, Luke Jaeger wrote: > thanks Jim - > > I got the impression from reading the pfsense forum that there is a way > to block https for specific domains by denying the connect method - am I > understanding this wrong?
you should definitely be able to create an ACL for access to facebook, something like this: |acl facebook_domains dstdomain .facebook.com |always_direct deny facebook_hosts as someone else said, you'll need to block tcp:443 outbound and tell people to use the proxy, and then probably add this - NOT TESTED, this is cut/paste/hack stuff (adapted from my config to allow MSN to work using squid connect) |acl facebook_methods method CONNECT |http_access deny facebook_methods facebook_domains |always_direct deny facebook_methods --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
