How to block https://www.facebook.com ?

Discussion in 'Networking, Telephony & Internet' started by syzygy9, May 9, 2011.

  1. syzygy9

    syzygy9 Member

    Joined:
    Aug 10, 2001
    Messages:
    675
    Location:
    Perth, WA
    Using my modem/routers inbuilt firewall URL Filter I have managed to block/restrict my kids (mainly my eldest, a determined 15yo daughter) access to Facebook reasonably successfully over the past year or so (fighting the constant battle with proxies) . . . . until my eldest (bless her little hacker's heart) discovered the joys of HTTPS!

    So while the URL filter *facebook* successfully denies access to http://www.facebook.com, it does not deny access to https://www.facebook.com.

    So any ideas on how to filter this encrypted traffic without doing a general port 443 block (https). Failing that any ideas on how to lock down general https:// traffic at the modem would be gratefully appreciated! (I don't want to go to a separate blocking program if I can avoid it).
     
  2. Dopefish

    Dopefish Member

    Joined:
    Jul 18, 2001
    Messages:
    2,851
    Location:
    State of confusion
    Why don't you want your kids on facebook?
    I'm afraid that may be a form of child abuse in this day and age.
     
  3. Keltoi

    Keltoi Member

    Joined:
    Jun 27, 2001
    Messages:
    218
    Location:
    Perth
    Solutions that come to mind:

    1. Open DNS
    http://www.opendns.com/solutions/household/

    2. Install parent control software on there computers

    3. Transparent Proxy/Router using a Linux distro/squid etc...

    its important to know that this would just cause a cycle of them trying to find ways to access the sites. If they are savvy enough they will eventually find a way.

    4. Just take there computers off them (or kill there net connection all together) if they keep going to sites you don't want them to. With this solution they Eventually should respect there "facebook" time when they get it as a reward etc...

    I hope that helps
     
    Last edited: May 9, 2011
  4. thebranded

    thebranded Member

    Joined:
    Nov 30, 2006
    Messages:
    2,222
    Location:
    Sydney
    i got a DD-wrt/tomato capable router and blocked facebook and some online games with it. But i set the access restrictions to a daily schedule so younger bro could get access at certain times.

    it blocked all access to facebook, to the point you cant even so a google search for facebook!

    complete blocking i dont think is the way to go.
     
  5. RyoSaeba

    RyoSaeba Member

    Joined:
    Sep 11, 2001
    Messages:
    12,408
    Location:
    Perth
    When they're out one day go to their computer.

    1. Open My Computer or Computer
    2. Go to C:\windows\system32\drivers\etc\
    3. Open file HOSTS in notepad
    4. Add this :

    127.0.0.1 www.facebook.com
    127.0.0.1 facebook.com

    Note: Use tab for spacing
    5. Save it. If it doesn't allow you to save directly, save it as .txt and then rename hosts to hosts.old and then hosts.txt you've just created to hosts (no . after)
    6. Open up CMD and try ping www.facebook.com if it's working you should get 127.0.0.1 as the IP address. This will make that facebook will not be directly accessible either via HTTPS or HTTP.

    Hopefully your kids have not discovered hosts file yet. ;)

    Unless you're farmiliar with setting up an active directory and global policies, that's probably the easiest way.
     
    Last edited: May 9, 2011
  6. Captain Kidd

    Captain Kidd Member

    Joined:
    Mar 19, 2011
    Messages:
    191
    I am in my final year of school and i would be sure you were doing the right thing. You cold get software to allow facebook for certain times i.e 20 mins per day.

    You could channel the internet through a computer and just run a hosts file.
     
  7. OP
    OP
    syzygy9

    syzygy9 Member

    Joined:
    Aug 10, 2001
    Messages:
    675
    Location:
    Perth, WA
    . . . . one day you will have kids - actually I don't block but restrict access so that when the kids should be doing homework they are not distracted by the many (FB included) distractions. Secondly the complete crap that FB is should be blocked by any sane adult! :D

    keltoi - I am currently checking out OpenDNS, but at first glance it has the same problems as any URL based domain filter, it can't block encrypted (https) traffic. I have parental controls built into my AV (currently using it to restrict access to rank sites and cut off internet access after 9.30pm - is that classed as child abuse?), haven't tried to block https traffic but it should work but again I would like a simple one stop solution that I could switch on and off relatively quickly.

    doc - nice idea if FB kept the same IPs, they seem to change these randomly

    thebranded - I doubt your router is blocking https*facebook*, it probably is just blocking http*facebook*

    kidd & ryo - I have looked at the etc/hosts file option, it is doable but I would like something a little simpler so I can control access rather than just outright blocking (I don't want to be accused of child abuse!)
     
    Last edited: May 10, 2011
  8. Dr Evil

    Dr Evil Member

    Joined:
    Oct 20, 2010
    Messages:
    2,855
    Location:
    Perth
    Lol wouldn't surprise me if that was true. Although having 'Facebook' blocked from your home network to not allow your child to have access to it would probably end up in cursing & arguing. If your a strong parent that can stand it then sure, go for it. You might have 'discipline' but you are very limited to any options of it. You also might want to monitor your teenagers behavior with socializing more by going to a 'friends' house a lot. As she might be just using them for their bandwidth!!!!:wired::wired:.

    You could also use a program to monitor her PC/Laptop or if it's a shared computer then let a small background program that logs each webpage accessed so you can have an easier way to find her 'tricks', if she knows them of course.

    I know when I go on Facebook I see way to much random crap getting posted and I definitely wouldn't want my child to go on it.
     
  9. Keltoi

    Keltoi Member

    Joined:
    Jun 27, 2001
    Messages:
    218
    Location:
    Perth
    What about setting up scheduled task's on there computer to change the hosts files at specified times.

    This should provide a work around until they work out about the hosts file that is. (I would suggest making there user accounts not admin level, this way they will not be able to edit the hosts file)

    eg. homework time is from 3-8pm and a blocked hosts files is loaded
    Other is all the other time/weekends and a normal hosts file is loaded.
     
    Last edited: May 10, 2011
  10. Idafe007

    Idafe007 Member

    Joined:
    Feb 22, 2008
    Messages:
    159
    Location:
    Florida - USA
    If you think that's complicated... then your Kids are probably way ahead of you and can bypass anything you try.
    There is not easy way to foolproof block something and allow something else. If its simple to install, it's simple to bypass.
    Now, do you realize that all those computers, modem and router have an ON/OFF switch... use it.
    They turned it ON... pull the modem, lock it under key.
    They connect to an open WIFI... computer gets locked too..
    There is a will, there is a way.
     
  11. itsmydamnation

    itsmydamnation Member

    Joined:
    Apr 30, 2003
    Messages:
    10,401
    Location:
    Canberra
    deploying an inpath web proxy isn't that hard, lucky for me i have access to kit so if it was me i would just deploy a sidewinder/stupid mcafee new name :D
     
  12. Gecko

    Gecko Member

    Joined:
    Jul 3, 2004
    Messages:
    2,715
    Location:
    Sydney
    OpenDNS will block HTTPS traffic with no problems - basic path of any request:

    • User says they want to go to facebook.com
    • Computer sends out a DNS request to find the IP of facebook.com (doesn't matter whether it is HTTP/HTTPS/any other protocol)
    • When using OpenDNS, rather than responding with the actual address of facebook.com, it responds back with a different address
    • The users browser then navigates to this different address, and gets the "Content blocked" message

    [edit] Should say though, it is reasonably trivial to bypass, just change your DNS settings to point to a different server
     
  13. 4wardtristan

    4wardtristan Member

    Joined:
    Apr 9, 2008
    Messages:
    1,181
    Location:
    brisbane
    not sure how fancy your router is, but if its doing your local DNS you could just create a facebook.com zone with no records?
     
  14. thebranded

    thebranded Member

    Joined:
    Nov 30, 2006
    Messages:
    2,222
    Location:
    Sydney
    nope it blocks HTTPS as well. open access restrictions and set "facebook" as the keyword to block, then add a rule to block access to port 443.

    Down side is bro has no access to ALL HTTPS sites, but he has not said he does not have assess to any site he needed, so i assume he does not use any other HTTPS site. The restrictions only apply to his MAC address anyway so it does not affect rest of household.

    If he has worked around the default port then i'd be more impressed with him than annoyed.

    although reading the thread again that wont work for you :D
     
    Last edited: May 10, 2011
  15. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    [​IMG]
    Yo dad i hear shes likes proxies, so we put a proxy in her proxy to stop her from proxying
     
  16. vltrb-0

    vltrb-0 Member

    Joined:
    May 11, 2006
    Messages:
    622
    Location:
    melbourne
    furer says no Facebook!!!

    [​IMG]
     
  17. qwertylesh

    qwertylesh Member

    Joined:
    Aug 21, 2007
    Messages:
    8,604
    When I need to filter fuckers, I use untangle.
    you need next to no linux experience to setup a gateway with untangle.

    you simply, download and burn their iso.

    physically label the two NIC's on the machine.

    install it to a small hdd, identify each NIC in the UI.

    You have one incoming from the router and one outgoing to a switch/AP which the machines you want filtered connect to.

    and BAM

    you can block whole internet groups (grouped types of sites)
    you can block whatever else you wish
    you can watch the internet activity live via the distro

    you can configure it to summaries and email you reports on usage trends, most visited sites and all sorts of privacy violating awesome shit :D

    really, untangled, its shit easy to setup, and anyone behind it is left in your full control.

    some awesome ocauers got me onto it after I started a thread asking what distro would filter and view net traffic live.
     
  18. ir0nhide

    ir0nhide Member

    Joined:
    Oct 24, 2003
    Messages:
    4,238
    Location:
    Adelaide
    Note: I don't have kids

    How about instead of fighting with your kids on technology, you have a conversation that goes like this:

    "Hi kids, I realise you're pretty smart and no matter what I do you'll find a way to use Facebook when you're not meant to. My solution is this; if you're going to use facebook on an unsupervised computer (and you have one for a reason I can't comprehend) during time when you're meant to be doing homework, I'll cut off Internet access completely during that time. If you need Internet access for your homework, you can do it at the library where all the cool kids hang out."

    if you don't trust your kids with technology (for whatever reason), don't give them access?
     
  19. Simwah

    Simwah Member

    Joined:
    Aug 6, 2005
    Messages:
    1,998
    Location:
    Brisbane
  20. vltrb-0

    vltrb-0 Member

    Joined:
    May 11, 2006
    Messages:
    622
    Location:
    melbourne
    your kids are going to hate you for this
     

Share This Page

Advertisement: