DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

How to block http & https Facebook for only some users?

More
18 Mar 2011 09:10 #66857 by junap
Hi all,

We have a Vigor 2920 (fw 3.3.6) managing a small office network and our boss has asked me to block Facebook for most, but not all of our users (eg management and marketing folks legitimately need to use it).

I can block it easily enough by adding 'facebook.com' as a keyword object and then adding that to the default URL filter, but there's two snags:

1) you can still access https://www.facebook.com/ and
2) it blocks everyone but I need to specify certain machines that can still access it.

The user guide is not that helpful about the details of setting up a filter like this, so could anyone here walk me through it? I'm not a network engineer, just a web developer with some rudimentary network skills. Thanks!

Please Log in or Create an account to join the conversation.

More
26 Mar 2011 11:37 #66983 by markross164
I have the same issue so a response from someone would be hugely appreciated.

Please Log in or Create an account to join the conversation.

More
31 Mar 2011 17:48 #67047 by junap
I got a response from Draytek on this in an email:

The URL filter on draytek router can not block 'HTTPS' traffic because data is encrypted.Router matches the keyword object to block websites which is not possible on encrypted traffic.


Please Log in or Create an account to join the conversation.

More
31 Mar 2011 22:37 #67051 by admin
You can't block urls within SSL, but you can block SSL altogether for specific users (depending on the router model)



Forum Administrator

Please Log in or Create an account to join the conversation.

More
14 Apr 2011 11:04 #67295 by able
For the part you can block (non-ssl) you can block for all and make exception list, for instance put all users that have no limits in a block 192.168.0.1/255.255.255.224 and all other users in the other part (so give ip's above 192.168.0.32 to those users) then put block facebook and put in an exception rule for the first block.

Please Log in or Create an account to join the conversation.

More
26 Apr 2011 15:56 #67455 by abilas
The easiest way to do this is by using a hosts file on the client pc. Providing the client doesn't have too much technical knowledge you could simply enter a loopback to 127.0.0.1 for www.facebook.com.

I have tried to block out sites using the router interface for certain users but found this approach works better.

Hope this helps...

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami