Re: [Pfsense-pt] Regra de bloqueio facebook

[Paulo Henrique - BSDs Brasil]

Com proxy configurado no navegador o Squid consegue expecionar trafego 
https ( man-in-the-middle ) ai consegue analisar a url.
Com proxy transparente trafego cryptografado.
Por isso que é impossivel* tal analise.
Att. Paulo Henrique.
Em 20/09/2012 17:32, cesar castro escreveu:
Não entendi essa parte:
 HTTPs sem configuração de servidor proxy direto no navegador não 
funciona

Em 20 de setembro de 2012 17:29, mantunes <mantunes.lis...@gmail.com 
<mailto:mantunes.lis...@gmail.com>> escreveu:

    impossivel via proxy transparente.

    Em 20 de setembro de 2012 17:15, cesar castro
    <cesaralv...@gmail.com <mailto:cesaralv...@gmail.com>> escreveu:
    > Vc quer dizer com proxy transparente?
    >
    >
    > Em 20 de setembro de 2012 17:12, Paulo Henrique - BSD
    > <paulo.rd...@bsd.com.br <mailto:paulo.rd...@bsd.com.br>> escreveu:
    >
    >> Em 20/09/2012 17:04, cesar castro escreveu:
    >>
    >> Se você criar uma groupacl e marcar a opção :
    >> Not to allow IP addresses in URL
    >> Criar uma categoria e adicionar em expressions facebook não
    resolve?
    >>
    >> Em 20 de setembro de 2012 16:56, Paulo Henrique - BSD
    >> <paulo.rd...@bsd.com.br <mailto:paulo.rd...@bsd.com.br>> escreveu:
    >>>
    >>> Para eliminar o facebook definitivamente da rede, faça o seguinte:
    >>>
    >>> Intale o pfblocker ( contribuição de um dos companheiros da
    comunidade
    >>> PFSense-BR )
    >>> Cria a lista com opção de "Deny Both"
    >>>
    >>> E coloque os seguintes endereços na lista.
    >>>
    >>> 204.15.20.0/22 <http://204.15.20.0/22>
    >>> 69.63.176.0/20 <http://69.63.176.0/20>
    >>> 66.220.144.0/19 <http://66.220.144.0/19>
    >>> 69.63.184.0/21 <http://69.63.184.0/21>
    >>> 69.63.176.0/21 <http://69.63.176.0/21>
    >>> 74.119.76.0/22 <http://74.119.76.0/22>
    >>> 69.171.255.0/24 <http://69.171.255.0/24>
    >>> 173.252.64.0/18 <http://173.252.64.0/18>
    >>> 69.171.224.0/19 <http://69.171.224.0/19>
    >>> 103.4.96.0/22 <http://103.4.96.0/22>
    >>> 69.63.176.0/24 <http://69.63.176.0/24>
    >>> 173.252.64.0/19 <http://173.252.64.0/19>
    >>> 173.252.70.0/24 <http://173.252.70.0/24>
    >>> 31.13.64.0/18 <http://31.13.64.0/18>
    >>> 31.13.24.0/21 <http://31.13.24.0/21>
    >>> 66.220.152.0/21 <http://66.220.152.0/21>
    >>> 66.220.159.0/24 <http://66.220.159.0/24>
    >>> 69.171.239.0/24 <http://69.171.239.0/24>
    >>> 69.171.240.0/20 <http://69.171.240.0/20>
    >>> 31.13.64.0/19 <http://31.13.64.0/19>
    >>> 31.13.64.0/24 <http://31.13.64.0/24>
    >>> 31.13.65.0/24 <http://31.13.65.0/24>
    >>> 31.13.67.0/24 <http://31.13.67.0/24>
    >>> 31.13.68.0/24 <http://31.13.68.0/24>
    >>> 31.13.69.0/24 <http://31.13.69.0/24>
    >>> 31.13.70.0/24 <http://31.13.70.0/24>
    >>> 31.13.71.0/24 <http://31.13.71.0/24>
    >>> 31.13.72.0/24 <http://31.13.72.0/24>
    >>> 31.13.73.0/24 <http://31.13.73.0/24>
    >>> 31.13.74.0/24 <http://31.13.74.0/24>
    >>> 31.13.75.0/24 <http://31.13.75.0/24>
    >>> 31.13.76.0/24 <http://31.13.76.0/24>
    >>> 31.13.77.0/24 <http://31.13.77.0/24>
    >>> 31.13.96.0/19 <http://31.13.96.0/19>
    >>> 31.13.66.0/24 <http://31.13.66.0/24>
    >>> 173.252.96.0/19 <http://173.252.96.0/19>
    >>> 69.63.178.0/24 <http://69.63.178.0/24>
    >>> 31.13.78.0/24 <http://31.13.78.0/24>
    >>> 31.13.79.0/24 <http://31.13.79.0/24>
    >>> 31.13.80.0/24 <http://31.13.80.0/24>
    >>> 31.13.82.0/24 <http://31.13.82.0/24>
    >>> 31.13.83.0/24 <http://31.13.83.0/24>
    >>> 31.13.84.0/24 <http://31.13.84.0/24>
    >>> 31.13.85.0/24 <http://31.13.85.0/24>
    >>> 31.13.86.0/24 <http://31.13.86.0/24>
    >>> 31.13.87.0/24 <http://31.13.87.0/24>
    >>> 31.13.88.0/24 <http://31.13.88.0/24>
    >>> 31.13.89.0/24 <http://31.13.89.0/24>
    >>> 31.13.90.0/24 <http://31.13.90.0/24>
    >>> 31.13.91.0/24 <http://31.13.91.0/24>
    >>> 31.13.92.0/24 <http://31.13.92.0/24>
    >>> 31.13.93.0/24 <http://31.13.93.0/24>
    >>> 31.13.94.0/24 <http://31.13.94.0/24>
    >>> 31.13.95.0/24 <http://31.13.95.0/24>
    >>> 204.15.20.0/22 <http://204.15.20.0/22>
    >>> 69.63.176.0/20 <http://69.63.176.0/20>
    >>> 69.63.176.0/21 <http://69.63.176.0/21>
    >>> 69.63.184.0/21 <http://69.63.184.0/21>
    >>> 66.220.144.0/20 <http://66.220.144.0/20>
    >>> 69.63.176.0/20 <http://69.63.176.0/20>
    >>> 66.220.0.0/16 <http://66.220.0.0/16>
    >>> 66.220.144.0/20 <http://66.220.144.0/20>
    >>> 69.63.0.0/16 <http://69.63.0.0/16>
    >>> 69.171.0.0/16 <http://69.171.0.0/16>
    >>> 173.252.0.0/16 <http://173.252.0.0/16>
    >>> 204.15.16.0/20 <http://204.15.16.0/20>
    >>> 173.252.64.0/18 <http://173.252.64.0/18>
    >>>
    >>>
    >>> Retirei ela fazendo consulta do AS do facebook .
    >>> Acabou meus problemas.
    >>>
    >>> Att. Paulo Henrique...
    >>>
    >>> Em 20/09/2012 16:46, Cleuson Alves escreveu:
    >>>
    >>> Olá pessoal, como cadastro no alias que criei estes endereços para
    >>> bloquear o facebook no pfsense.
    >>> Segue o site de onde tirei estas informações:
    >>> http://bgp.he.net/search?search[search]=facebook&commit=Search
    >>>
    >>>
    >>> 2620:0000:1c00::/40
    >>> 2620:0000:1cff::/48
    >>> 2a03:2880::/32
    >>>
    >>> Obrigado.
    >>> --
    >>> Cleuson de Oliveira Alves
    >>> Rio de Janeiro - RJ
    >>>
    >>>
    >>>
    >>> _______________________________________________
    >>> Pfsense-pt mailing list
    >>> Pfsense-pt@lists.pfsense.org <mailto:Pfsense-pt@lists.pfsense.org>
    >>> http://lists.pfsense.org/mailman/listinfo/pfsense-pt
    >>>
    >>>
    >>>
    >>> --
    >>> Paulo Henrique
    >>> BSD Brasil
    >>> Fone: (21) 9683-5433 <tel:%2821%29%209683-5433>
    >>> Genuine user Unix/BSD :D
    >>>
    >>>
    >>> _______________________________________________
    >>> Pfsense-pt mailing list
    >>> Pfsense-pt@lists.pfsense.org <mailto:Pfsense-pt@lists.pfsense.org>
    >>> http://lists.pfsense.org/mailman/listinfo/pfsense-pt
    >>>
    >>
    >>
    >>
    >> _______________________________________________
    >> Pfsense-pt mailing list
    >> Pfsense-pt@lists.pfsense.org <mailto:Pfsense-pt@lists.pfsense.org>
    >> http://lists.pfsense.org/mailman/listinfo/pfsense-pt
    >>
    >> Infelizmente não, pois o squid/squidguard so analisa url no
    qual ele
    >> consegue ler, o que em acesso HTTPs sem configuração de
    servidor proxy
    >> direto no navegador não funciona.
    >> O mesmo vale para o resto de aplicações distribuidas sobre https.
    >>
    >> Att.
    >>
    >> --
    >> Paulo Henrique
    >> BSD Brasil
    >> Fone: (21) 9683-5433 <tel:%2821%29%209683-5433>
    >> Genuine user Unix/BSD :D
    >>
    >>
    >> _______________________________________________
    >> Pfsense-pt mailing list
    >> Pfsense-pt@lists.pfsense.org <mailto:Pfsense-pt@lists.pfsense.org>
    >> http://lists.pfsense.org/mailman/listinfo/pfsense-pt
    >>
    >
    >
    > _______________________________________________
    > Pfsense-pt mailing list
    > Pfsense-pt@lists.pfsense.org <mailto:Pfsense-pt@lists.pfsense.org>
    > http://lists.pfsense.org/mailman/listinfo/pfsense-pt
    >



    --
    Marcio Antunes
    Powered by FreeBSD
    ==================================
    * Windows: "Where do you want to go tomorrow?"
    * Linux: "Where do you want to go today?"
    * FreeBSD: "Are you, guys, comming or what?"
    _______________________________________________
    Pfsense-pt mailing list
    Pfsense-pt@lists.pfsense.org <mailto:Pfsense-pt@lists.pfsense.org>
    http://lists.pfsense.org/mailman/listinfo/pfsense-pt




_______________________________________________
Pfsense-pt mailing list
Pfsense-pt@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/pfsense-pt


--
Paulo Henrique.
BSDs Brasil - FUG-BR
site: www.fug.com.br

Rip Irado !!!
flamers > /dev/null

_______________________________________________
Pfsense-pt mailing list
Pfsense-pt@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/pfsense-pt