Thanks Paul
You have given me an idea, but I can see the ranges that use that domain as
you show me?
thks for help !!
2012/7/13 Paul Gear <[email protected]>
> On 13/07/12 00:36, I.S.C. William wrote:
> > Indeed it can be done with Squid Proxy even so I have my filters, the
> > detail is that Proxy can not control the safe harbor traffic (https) so
> > this should be done by Firewall.
> >
> > So my questions about how to block those sites.
>
> The DNS method Simon suggested is probably not workable if you have some
> people who need access to Google and some who don't. Although a
> solution like OpenDNS might allow you that flexibility.
>
> The best option is proxy. HTTPS can be safely proxied. It can also be
> filtered at the proxy. The only thing you can't do is see the URLs
> being accessed on HTTPS sites. All you can do is block or allow the site.
>
> So my suggestion is:
> 1. Do not allow HTTPS out directly. i.e. block loc2net (or whatever your
> local zone is called) for HTTPS.
> 2. Force all network devices to access HTTPS sites via proxy.
> 3. Use proxy to block or allow sites as needed.
>
> Another (overkill) option is to find the netblock used by Google at your
> location (e.g. mine is 74.125.0.0/16 for google.com, 173.194.0.0/16 for
> gmail.com, etc.) and DROP/REJECT traffic to the whole netblock.
>
> Paul
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
--
I.S.C. William López Jiménez
--
User Linux # 379636
MSN [email protected]
Jabber [email protected]
Web: www.koalasoftmx.tk
Twitter: @koalasoft
Facebook: william.koalasoft
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
