DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2910 3.2.3.1 - Blocking https://facebook.com

More
30 Nov 2009 12:53 #59113 by admin

CCT wrote:

Well actually it's students who have been youtubing.....They are aware they are not supposed to be on facebook



The IP filter examples on the FAQ should help but facebook etc. probably have quite a few IP ranges you need to include.

but on your above comment, withdraw their Internet access to remind them about rules... Routers are great, but IMHO need to be in tandem with an AUP and penalties for breaches...otherwise there's no incentive for them to not find ways around the security...



Forum Administrator

Please Log in or Create an account to join the conversation.

More
30 Nov 2009 12:55 #59114 by admin

paulj48 wrote: Do you run an internal DNS ? if so you could create a zone for facebook.com and point it to a different I.P address.



Not if they are using HTTPS as the URL is obfuscated; if it's regular clear HTTP you also need to block external DNS access to stop bypassing. If its your own PCs and they're locked down, you can also use bogus entries in the HOSTS files.



Forum Administrator

Please Log in or Create an account to join the conversation.

More
01 Dec 2009 10:26 #59133 by paulj48

admin wrote:
Not if they are using HTTPS as the URL is obfuscated;



If thats the case how are domain names using https resolved then as I'm curious now.

I run my own DNS as part of a win2003 active directory with a DNS forwarder to Open DNS for Non-authoritive resolves, if the URL is 'obfuscated' how does Open DNS resolve the name?

Please Log in or Create an account to join the conversation.

More
01 Dec 2009 13:00 #59135 by admin
Actually, yes, you're right, sorry. The URL in the DNS resolution is not obfuscated, only the request to the remote web server.



Forum Administrator

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami