XII. Firewall/Security Features
Blocking Facebook with App Enforcement
DrayTek's Content Security Management (CSM) capabilities include App Enforcement, which can block application services and apps on mobile devices, tablets, etc., to augment the abilities of the Web Content Filter and DNS Filter.
This guide demonstrates how to implement App Enforcement on a DrayTek Vigor router to block both Facebook's website and the Facebook mobile App.
Note - we're not suggesting there's anything wrong with Facebook - this is just for example.
Step 1 - Create an APP Enforcement Profile
- Click on an Index number to create a new profile in [CSM] > [APP Enforcement] Profile
Step 2 - Set up the details in the profile
- Enter a Profile Name to identify the purpose of the profile
- Select Facebook in the Instant Message section
Click OK to save the profile.
Step 3 - Apply the App Enforcement Profile
To take effect, the APP Enforcement Profile needs to be processed by the router's Firewall.
To set up a Firewall Filter Rule, go to [Firewall] > [Filter Setup] and click on Set 2 to modify the rules in Firewall Filter Set 2, which is (by default) the first set of rules processed by the firewall.
Step 4 - Select Firewall Filter Rule To Edit
Click on an unused Filter Rule number, e.g. Rule 2, to set up a Firewall Filter Rule:
Step 5 - Configure Firewall Filter Rule
Set up the Firewall Filter Rule with these settings:
1. Enable the Filter Rule
2. Select the Direction as LAN/DMZ/RT/VPN -> WAN
3. Select Schedule Profiles to apply the block only during the specified hours
4. Edit the Source IP that the App Enforcement block should apply to
5. Select Filter as Pass If No Further Match
6. Select the App Enforcement profile created in Step 2
7. Optional: Enable the Syslog options for the router to log via Syslog when this rule is applied to traffic, blocking it
Click OK to save and apply the Firewall Filter Rule.
Step 6 - Test Facebook
Once the Firewall Filter Rule applying the App Enforcement profile is configured, clients that the rule applies to (set via the Source IP in the Filter Rule) will receive this response when trying to access Facebook.
Conclusion
Once it's confirmed that a web browser is unable to access Facebook, connections from other methods such as the Facebook app should also be unable to connect. App Enforcement operates on the protocols that Facebook uses to determine which connections are going to Facebook's servers and blocks them.
With this setup, any users whose IP addresses fall within the rule's Source IP range (or IP Objects / Groups when those are configured) will not be able to access Facebook's website or services.
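A scripted version of the Step 6 check, as an added example that is not part of the original DrayTek guide: run from a client inside the rule's Source IP range, it probes Facebook over TLS alongside a control site, so that a general loss of connectivity is not mistaken for a working block. The hostnames, the control site and the function names are assumptions chosen for illustration, and the script assumes the block shows up as a failed or untrusted TLS handshake.

```python
import socket
import ssl

# Assumed, illustrative hostnames: adjust to the services you expect to be blocked.
BLOCKED_TARGETS = ["www.facebook.com", "m.facebook.com"]
# Assumed control site: any HTTPS host the App Enforcement profile does not cover.
CONTROL_HOST = "example.com"


def tls_probe(host, port=443, timeout=5.0):
    """Return True only if a certificate-verified TLS handshake with host completes."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:
        # Covers DNS failure, reset, timeout and certificate errors
        # (ssl.SSLError is a subclass of OSError).
        return False


def verify_block(targets, control, probe=tls_probe):
    """Classify each target as BLOCKED, REACHABLE or INCONCLUSIVE."""
    if not probe(control):
        # The control site is unreachable too, so a failed Facebook probe
        # says nothing about whether the Filter Rule is working.
        return {t: "INCONCLUSIVE" for t in targets}
    return {t: ("REACHABLE" if probe(t) else "BLOCKED") for t in targets}


def rule_effective(results):
    """True when every probed target was blocked while the control was reachable."""
    return bool(results) and all(v == "BLOCKED" for v in results.values())


if __name__ == "__main__":
    results = verify_block(BLOCKED_TARGETS, CONTROL_HOST)
    for host, verdict in results.items():
        print(f"{host}: {verdict}")
    raise SystemExit(0 if rule_effective(results) else 1)
```

If a Schedule Profile is attached to the Filter Rule, run the check inside the scheduled hours; outside them a REACHABLE result is expected.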
- First Published: 16/08/2018
- Last Updated: 22/04/2021