How to block HTTPS facebook and other HTTPS websites?

Posted: Tue Nov 16, 2010 6:54 pm
by Iain123
Hope you can advise me on this.

Got the Web Filtering up and running at the Pic Mobert school and have run into one thing that I hope you can assist me on.

I have sites blocked via a blacklist entry such as:

*facebook*

You enter in http://www.facebook.com and the denial page comes up. Some of the students have found a workaround by adding in an “s”, so the URL now reads https://www.facebook.com; this now loads up Facebook and the denial page does not come up. They have bypassed the web filtering software on a few other sites as well by adding in the “s”.

I had assumed a blacklist entry using the *facebook* wildcard would block any site with “facebook” in the address bar, but obviously not so.

I cannot block all secure sites as the business logs into secure sites for their on-line banking and on-line secure training courses.

I am not sure exactly the best approach to block this kind of user action?

Posted: Tue Nov 16, 2010 7:03 pm
by gengw2000
The "Website black/white list" cannot block https websites.

You may enable the "HTTPS black/white list" to block https websites in the "Other" tab of a certain blocking level.

Posted: Tue Nov 16, 2010 10:12 pm
by Iain123
Yes, I saw that prior to contacting you and had tried the https blacklist option.

When I add in *facebook* to the https blacklist and try to access it via:

https://www.facebook.com

I do not get the default denial page but the IE white page as shown in the attachment. So I figured I was doing something wrong with this approach, as I expected the denial page to be displayed.

So the https blacklist does block the https website, but should not the denial page be displayed?

Posted: Tue Nov 16, 2010 10:20 pm
by gengw2000
Denial page is not supported for blocking HTTPS websites.

This is because HTTPS traffic is encrypted; we cannot inject a denial page into an encrypted connection.