try using incoming firewall

Blocked Incoming Connections-> Add

nickname - www.facebook.com
host - www.facebook.com

hi all,

I am also changing in squid.conf file but it doesn't work

my setup is

acl special_clients src "/etc/squid/special_client_ips.txt"

acl facebook dstdomain .facebook.com

Under http access

http_access allow facebook special_clients

http_access deny facebook

http_access allow all


service squid restart


Please help me sort out this issue.

Thanks,
Karniv Patel

Dear Clear OS support Team please help us block Facebook & youtube site
we thanks full to developers

I installed the Netify Application Filter and added Facebook to the "Blocked Applications" list.

I am still able to access Facebook. I tried stopping and starting the Application Filter but nothing changed. So I added Twitter to the list and am getting the same results. What am I doing wrong?

I have found the most effective way to do this is via DNS (dnsmasq)

Add the lines below to /etc/dnsmasq.conf

address=/encrypted.google.com/127.0.0.1

address=/facebook.com/127.0.0.1

address=/twitter.com/127.0.0.1

address=/plus.google.com/127.0.0.1

address=/youtube.com/127.0.0.1

address=/instagram.com/127.0.0.1

address=/itunes.apple.com/127.0.0.1

One of the reasons this is better for me is that I want to only block these sites during the working day. Using cron they are unblocked at 5pm

You also have to ensure that the COS gateway provides all DNS answers

Are you using the content filter? Select "Social Networking" as of of your blocked group types (under "Blacklists"), and ensure that you have "Block IP Domains" selected.

That should do it, no?

B.

HTTPS sessions will bypass the proxy unless you disable Transparent Proxy to force workstations to use the proxy for HTTPS. So disable "Transparent Mode" on the Gateway/Web Proxy page.

Also, not using the content filter, have a look at this thread.

hi,

I failed to block while using Content Filter. But I tried alternate method and succeed for terminal server. Just I have redirected the facebook.com to google.com. So whenever users try to access the facebook.com (it may be http or https), system automatically redirect the users to google.com.

If we disable the content filter, could not restrict users from accessing unwanted sites..

hi,

I failed to block https sites I've tried all possible ways.
can you tell me how can i redirect https request to google.com

How have you tried?

Try add this line to /etc/hosts:

173.194.70.102 facebook.com

Restart Dnsmasq:

service dnsmasq restart

and (optionally) flush DNS Cache on clients

On Windows OS (with admin rights):

ipconfig /flushdns

That IP belongs to Google. So if your users type facebook.com in the browser, they will be redirected to Google.com.

Use o script na agenda cron, coloque pra rodar em minutos

segue abaixo

#/bin/bash
#
#LIMPAR ARQUIVO ip_facebook EDIT: Achei melhor manter essa lista por mais tempo
#echo "" > ip_facebook
#CAPTURAR IP DO FACEBOOK
host www.facebook.com >> /tmp/host_facebook

## EXPRESSÃO REFULAR PARA CAPTURAR SOMENTE OS IPS DO ARQUIVO host_facebook
sed -n 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/\nip&\n/gp' /tmp/host_facebook | grep ip | sed 's/ip//'| sort | uniq >> /tmp/ip_facebook

## REGRA DE CONDIÇÃO PARA BLOCK DOS IPS
for ip in $(cat /tmp/ip_facebook); do

iptables -n -L FORWARD | grep $ip
if [ $? -eq 1 ]
then
iptables -I FORWARD -s $ip -j DROP
fi
done

hi all,

I am using clearos 6.5 community

I want to block some social website like facebook,youtube,etc... per ip address

How can i do that??

Thanks
Karniv Patel

Hello to all,

Please help me to sort out in this issue.

I want to block social networking sites like facebook,you tube,etc...

My Setup are :-
1)
Gateway---Web Proxy----Setting
Transparent Mode---Disabled
User Authentication--- Enabled

also i add all usefull site in Content filter-----Exception Sites
But it's not working.

2)
I am also changing in /etc/squid/squid.conf file

acl special_clients src "/etc/squid/special_client_ips.txt"
acl facebook dstdomain .facebook.com

Under http access

http_access allow facebook special_clients
http_access deny facebook
http_access allow all

service squid restart

But it doesn't work.

3)
I have also configured Engress firewall but it block all https(443) traffic, but i want to allow some https sites.
How it possible?

Do i miss anything? Is there any configuration problem? Please let me know.
Any help would be appreciated.

Thanks in advance,

Karniv Patel

Hello,

I am really stuck here. can any one help me please ?

Thanks
Karniv Patel

Blocking IPs is very problematic because of the cloud hosting now days. Try doing this in your squid.conf. etc/squid/squid.conf
You cannot be running transparent proxy. No firewall is needed on the ClearOS for this to work.
# no SSL sites
acl no_ssl_sites dstdomain .craigslist.org
or place all your banned ssl sites in a file like like this: acl no_ssl_sites dstdomain "/etc/squid/blacklist/noSSLsites"
acl unsafe_ports port 443
http_access deny no_ssl_sites unsafe_ports

The result is that [http://craigslist.org] will be filtered and [https://craigslist.org] will be blocked.

http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,65190/

There are two ways to block Facebook on ClearOS.

You either need to use non-transparent mode proxy, our you need to filter on DNS (it's best to implement both if you can)

You can read more about that here.

Santosh pattanaik wrote:

Dear Clear OS support Team please help us block Facebook & youtube site
we thanks full to developers

This is an old thread, but it has come up twice in the last week via customers. You can now use the Application Filter (beta) to block YouTube and Facebook, even if your web proxy is running in transparent mode. How? The Application Filter is able to deconstruct the HTTPS/SSL certificates in the brief moment in time when traffic between the web browser and server is not yet encrypted. More information here:

- User Guide
- Application Details

You can also load redwood into ClearOS. Hopefully they will natively support it soon. It replaces both squid and dansguardian; is a similar alternative to dansgardian only it's more powerful. It examines HTTPS, so you can handle all HTTPs traffic the way you were used to handling HTTP.
It can be downloaded here: https://github.com/andybalholm/redwood
The community version doesn't have a GUI. If you want a GUI, you need to contact Compass Foundation 855-530-8090
Note: I am not an associate of Compass Foundation but I do buy from them.

H.323 wrote:

You can also load redwood into ClearOS. Hopefully they will natively support it soon.

I don't have an ETA, but I believe it's coming. I have tried Redwood on my home system and it's great... definitely recommended!

Just to clarify, Netify does not decrypt SSL traffic (which requires allowing forged SSL certificates on client systems). Instead, the Netify engine uses deep packet inspection techniques to deconstruct SSL certificates early in the HTTPS conversation. Privacy and security is important to Netify, so we do not poke into the content or payload of traffic. Netify identifies:

- the web/app in use e.g. Facebook
- the local MAC/IP address
- the remote IP address (with Geolocation and Malware details)
- bandwidth over time
- protocol (HTTPS, Bittorrent, etc)
- DNS/hostname information
- and some other networking tidbits

... but no payload information! With Netify, a secure connection to your online bank is still a secure connection to your online bank.

David O'Donnell wrote:

I installed the Netify Application Filter and added Facebook to the "Blocked Applications" list.

I am still able to access Facebook. I tried stopping and starting the Application Filter but nothing changed. So I added Twitter to the list and am getting the same results. What am I doing wrong?

Are you able to block other applications? I can see that there have been some recent discussions about Facebook and deep packet inspection, so this might be a Facebook-only issue.

Yes, I tried checking 6 others, none of the sites get blocked.

Is there a Netify application filter module?

Edit: It's indeed possible to filter traffic with Netify. Only I'm not sure how. Investigating....

@Marcel,
You're up early! Filters were announced here

Yeah, I was just awake and couldn't sleep anymore.

Ah, I was under the impression that it was about Netify but this is about 2 free apps (Protocol Filter and Application filter). It's time we get some education of the OSI model.

David O'Donnell wrote:

Yes, I tried checking 6 others, none of the sites get blocked.

I wonder if you have the bleeding edge version of Netify? If you are familiar with the command line environment, check the netifyd version with:

rpm -q netifyd

It should be version 1.1-8. If it's a higher version, then the Application Filter and Protocol Filter apps won't work.

Peter Baldwin wrote:
I wonder if you have the bleeding edge version of Netify? If you are familiar with the command line environment, check the netifyd version with:

rpm -q netifyd

It should be version 1.1-8. If it's a higher version, then the Application Filter and Protocol Filter apps won't work.

Hello Peter,

This is what I get with that command:
netifyd-1.1-8.v7.x86_64

David O'Donnell wrote:

This is what I get with that command:
netifyd-1.1-8.v7.x86_64

I'm stumped! I'll have to pass this on to our network guru. Would it be possible to get remote access to your system? If so, please submit your hostname and system password to https://secure.clearcenter.com/portal/system_password.jsp and we'll get it resolved.

Hi all,

Thanks for the remote access. One thing that I noticed this morning is that the firewall hook for Netify isn't always configured - here's a related tracker item: https://github.com/eglooca/app-netify-fwa/issues/3 . After adding your first application or protocol, you need to stop/start the service (the button on the right side of the web page) or manually restart the firewall from the command line: service firewall restart

Note: you don't need to do this after adding the first rule.

I'm on version:

[root@enterprise ~]# rpm -q netifyd

netifyd-1.3-2.v7.x86_64

Peter Baldwin wrote:

I'm stumped! I'll have to pass this on to our network guru. Would it be possible to get remote access to your system? If so, please submit your hostname and system password to https://secure.clearcenter.com/portal/system_password.jsp and we'll get it resolved.

Hello Peter,

I have created the support ticket with the login info. The ticket ID is 551809. Thanks!

The Netify Application Filter finally started working today!

Last night, our ISP required us to change our WAN IP, Default Gateway and Subnet Mask. While I was at it, I also changed to their Primary and Secondary DNS servers.

I rebooted the server last night, and now it works. Maybe changing the DNS servers fixed it? Or the reboot?