Re: [pfSense] Https blocking

2014-09-24 Thread Chris Bagnall 

On 24/9/14 6:21 pm, A Mohan Rao wrote:

If u really a expert so then pls resolve bmy problem. I have do all the
things but still people can access blocked website in pfsense.


Sites like Facebook have thousands of servers across the world, split 
across numerous netblocks and content delivery networks. You never will 
be able to completely block them, at least not without spending hundreds 
of man-hours keeping up to date with IP lists, DNS names, etc.


Then you have to consider the easy availability of proxies designed 
specifically to allow people to access blocked sites.


And even assuming you are able to block them, many sites share their CDN 
infrastructure (Akamai, Limelight Networks, to name just two big ones), 
so you have to consider the dangers of overblocking inadvertently 
preventing your users from accessing necessary sites who happen to use 
the same CDN.


There just isn't a panacea in this.

You are trying to find a technical solution to a social/political problem.

If your management doesn't understand that getting you to spend hours 
upon hours playing 'whack-a-mole' blocking each social networking 
netblock isn't productive use of your time, then perhaps asking them to 
provide a whitelist of sites that employees *can* access, then simply 
blocking anything not on that list might be a more sensible way of going 
about this.


On a personal note, I'd add that if your management are so determined to 
prevent people having a few moments to keep up with their 
friends/personal life, I'd have to question whether I really wanted to 
work for them...


Kind regards,

Chris
--
This email is made from 100% recycled electrons
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread Espen Johansen 
Sorry. That just means you are incompetent at your job.
There is no way in h...l you can demand others to do your job. We are all
here for free. Buy a pfSens support agreement and pay for it!

People like you annoys me.

-lsf
24. sep. 2014 19:22 skrev "A Mohan Rao"  følgende:

> Hello
> If u really a expert so then pls resolve bmy problem. I have do all the
> things but still people can access blocked website in pfsense.
>  On Sep 24, 2014 9:50 PM, "Ryan Coleman"  wrote:
>
>>  You've asked this question many times and we've given many options for
>> resolving it but you keep coming back.
>>
>> https://duckduckgo.com/?q=blocking+torrents+in+pfsense
>> https://duckduckgo.com/?q=blocking+facebook+in+pfsense
>> https://doc.pfsense.org/index.php/Blocking_websites
>> https://forum.pfsense.org/index.php?topic=36274.0
>>
>> A little web searching will go a long way.
>>
>>
>> On 9/24/2014 11:10 AM, A Mohan Rao wrote:
>>
>> Actually due to wasting of time employees... management need to block
>> these sites if have any solutions pls give..
>> I really very appritiate ..
>> On Sep 24, 2014 9:00 PM, "Ryan Coleman"  wrote:
>>
>>>  Block port 443 in the Firewall rules outbound - no need for a
>>> transparent proxy.
>>>
>>> That said - why do you need to block them? Because you're snooping 100%
>>> of the traffic to see what people are reading/sending?
>>>
>>>
>>> On 9/24/2014 10:16 AM, A Mohan Rao wrote:
>>>
>>> How can i completely and properly block https facebook, torrentz, exe
>>> download and proxy sites through transparent proxy.
>>>
>>> Thanks
>>> Mohan
>>>
>>>
>>> ___
>>> List mailing 
>>> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>>>
>>>
>>>
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> https://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>>
>> ___
>> List mailing 
>> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>>
>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread Walter Parker 
A suggestion: Null route all facebook addresses. That usually kills any
traffic. Be aware that it kills all traffic to those addresses (HTTP,
HTTPS, SMTP, POP3, DNS).


FYI, getting snotty to people that are asking for help usually turns them
off of wanting to help you...


Walter

On Wed, Sep 24, 2014 at 10:21 AM, A Mohan Rao  wrote:

> Hello
> If u really a expert so then pls resolve bmy problem. I have do all the
> things but still people can access blocked website in pfsense.
>  On Sep 24, 2014 9:50 PM, "Ryan Coleman"  wrote:
>
>>  You've asked this question many times and we've given many options for
>> resolving it but you keep coming back.
>>
>> https://duckduckgo.com/?q=blocking+torrents+in+pfsense
>> https://duckduckgo.com/?q=blocking+facebook+in+pfsense
>> https://doc.pfsense.org/index.php/Blocking_websites
>> https://forum.pfsense.org/index.php?topic=36274.0
>>
>> A little web searching will go a long way.
>>
>>
>> On 9/24/2014 11:10 AM, A Mohan Rao wrote:
>>
>> Actually due to wasting of time employees... management need to block
>> these sites if have any solutions pls give..
>> I really very appritiate ..
>> On Sep 24, 2014 9:00 PM, "Ryan Coleman"  wrote:
>>
>>>  Block port 443 in the Firewall rules outbound - no need for a
>>> transparent proxy.
>>>
>>> That said - why do you need to block them? Because you're snooping 100%
>>> of the traffic to see what people are reading/sending?
>>>
>>>
>>> On 9/24/2014 10:16 AM, A Mohan Rao wrote:
>>>
>>> How can i completely and properly block https facebook, torrentz, exe
>>> download and proxy sites through transparent proxy.
>>>
>>> Thanks
>>> Mohan
>>>
>>>
>>> ___
>>> List mailing 
>>> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>>>
>>>
>>>
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> https://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>>
>> ___
>> List mailing 
>> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>>
>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread Ryan Coleman 
I never claimed to be an expert but you have successfully convinced me to block 
your email address from my firewall. 

KTHXBAI

--
Ryan Coleman

> On Sep 24, 2014, at 12:21, A Mohan Rao  wrote:
> 
> Hello 
> If u really a expert so then pls resolve bmy problem. I have do all the 
> things but still people can access blocked website in pfsense. 
>> On Sep 24, 2014 9:50 PM, "Ryan Coleman"  wrote:
>> You've asked this question many times and we've given many options for 
>> resolving it but you keep coming back. 
>> 
>> https://duckduckgo.com/?q=blocking+torrents+in+pfsense
>> https://duckduckgo.com/?q=blocking+facebook+in+pfsense
>> https://doc.pfsense.org/index.php/Blocking_websites
>> https://forum.pfsense.org/index.php?topic=36274.0
>> 
>> A little web searching will go a long way.
>> 
>> 
>>> On 9/24/2014 11:10 AM, A Mohan Rao wrote:
>>> Actually due to wasting of time employees... management need to block these 
>>> sites if have any solutions pls give..
>>> I really very appritiate ..
>>> 
 On Sep 24, 2014 9:00 PM, "Ryan Coleman"  wrote:
 Block port 443 in the Firewall rules outbound - no need for a transparent 
 proxy.
 
 That said - why do you need to block them? Because you're snooping 100% of 
 the traffic to see what people are reading/sending?
 
 
> On 9/24/2014 10:16 AM, A Mohan Rao wrote:
> How can i completely and properly block https facebook, torrentz, exe 
> download and proxy sites through transparent proxy.
> 
> Thanks
> Mohan
> 
> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
 
 
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
>>> 
>>> 
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> https://lists.pfsense.org/mailman/listinfo/list
>> 
>> 
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread Giles Coochey 

On 24/09/2014 18:21, A Mohan Rao wrote:


Hello
If u really a expert so then pls resolve bmy problem. I have do all 
the things but still people can access blocked website in pfsense.



We that kind of attitude, just what on earth do you think is going to 
make people feel obligated to assist you here?


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net




smime.p7s
Description: S/MIME Cryptographic Signature
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread A Mohan Rao 
Hello
If u really a expert so then pls resolve bmy problem. I have do all the
things but still people can access blocked website in pfsense.
 On Sep 24, 2014 9:50 PM, "Ryan Coleman"  wrote:

>  You've asked this question many times and we've given many options for
> resolving it but you keep coming back.
>
> https://duckduckgo.com/?q=blocking+torrents+in+pfsense
> https://duckduckgo.com/?q=blocking+facebook+in+pfsense
> https://doc.pfsense.org/index.php/Blocking_websites
> https://forum.pfsense.org/index.php?topic=36274.0
>
> A little web searching will go a long way.
>
>
> On 9/24/2014 11:10 AM, A Mohan Rao wrote:
>
> Actually due to wasting of time employees... management need to block
> these sites if have any solutions pls give..
> I really very appritiate ..
> On Sep 24, 2014 9:00 PM, "Ryan Coleman"  wrote:
>
>>  Block port 443 in the Firewall rules outbound - no need for a
>> transparent proxy.
>>
>> That said - why do you need to block them? Because you're snooping 100%
>> of the traffic to see what people are reading/sending?
>>
>>
>> On 9/24/2014 10:16 AM, A Mohan Rao wrote:
>>
>> How can i completely and properly block https facebook, torrentz, exe
>> download and proxy sites through transparent proxy.
>>
>> Thanks
>> Mohan
>>
>>
>> ___
>> List mailing 
>> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>>
>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
>
> ___
> List mailing 
> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread Ryan Coleman 
You've asked this question many times and we've given many options for 
resolving it but you keep coming back.


https://duckduckgo.com/?q=blocking+torrents+in+pfsense
https://duckduckgo.com/?q=blocking+facebook+in+pfsense
https://doc.pfsense.org/index.php/Blocking_websites
https://forum.pfsense.org/index.php?topic=36274.0

A little web searching will go a long way.


On 9/24/2014 11:10 AM, A Mohan Rao wrote:


Actually due to wasting of time employees... management need to block 
these sites if have any solutions pls give..

I really very appritiate ..

On Sep 24, 2014 9:00 PM, "Ryan Coleman" > wrote:


Block port 443 in the Firewall rules outbound - no need for a
transparent proxy.

That said - why do you need to block them? Because you're snooping
100% of the traffic to see what people are reading/sending?


On 9/24/2014 10:16 AM, A Mohan Rao wrote:


How can i completely and properly block https facebook, torrentz,
exe download and proxy sites through transparent proxy.

Thanks
Mohan



___
List mailing list
List@lists.pfsense.org  
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread A Mohan Rao 
Actually due to wasting of time employees... management need to block these
sites if have any solutions pls give..
I really very appritiate ..
On Sep 24, 2014 9:00 PM, "Ryan Coleman"  wrote:

>  Block port 443 in the Firewall rules outbound - no need for a transparent
> proxy.
>
> That said - why do you need to block them? Because you're snooping 100% of
> the traffic to see what people are reading/sending?
>
>
> On 9/24/2014 10:16 AM, A Mohan Rao wrote:
>
> How can i completely and properly block https facebook, torrentz, exe
> download and proxy sites through transparent proxy.
>
> Thanks
> Mohan
>
>
> ___
> List mailing 
> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Https blocking

2014-09-24 Thread Ryan Coleman 
Block port 443 in the Firewall rules outbound - no need for a 
transparent proxy.


That said - why do you need to block them? Because you're snooping 100% 
of the traffic to see what people are reading/sending?



On 9/24/2014 10:16 AM, A Mohan Rao wrote:


How can i completely and properly block https facebook, torrentz, exe 
download and proxy sites through transparent proxy.


Thanks
Mohan



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Https blocking

2014-09-24 Thread A Mohan Rao 
How can i completely and properly block https facebook, torrentz, exe
download and proxy sites through transparent proxy.

Thanks
Mohan
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list