Date: Fri, 3 Aug 2007 16:31:36 +0800 From: "Fai Cheng" <fai@g2019.net> To: freebsd-pf@freebsd.org Subject: Re: Block WWW.ORKUT.COM Message-ID: <4a33a74a0708030131p7024453ekcd73f4d55972a0bd@mail.gmail.com> In-Reply-To: <EDF8D957-D85E-4665-B7FC-A974797D0FD2@patpro.net> References: <20070803073610.GA39968@quartzo.cirp.usp.br> <EDF8D957-D85E-4665-B7FC-A974797D0FD2@patpro.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't think this is impossible. depends on how you could configure the firewall. If you can block all traffics but allow those only you need. (e.g= . to your partner site only, deny all outgoing traffic) Modify the DNS / hosts files is a trick way but its work. but you have to know what is behind the host. e.g. they can use orkut.l.google.com instead of www.orkut.com. So the white list approach is easier to handle. (If you can) Of course different proxy (e.g. running proxy in 80 or 443 port) is hard to block, this case you need to monitor the traffic and see any ppl go to specific host with large amount of traffic. So you may notice the problems. Fai On 8/3/07, Patrick Proniewski <patpro@patpro.net> wrote: > > Hi, > > On 03 ao=FBt 2007, at 09:36, Ali Faiez Taha wrote: > > > What I need to do to block the access to www.orkut.com, via > > webproxy, anonymizer sites and direct access ? > > I am using FreeBSD with PF, without Proxy server, 2 NICs (one for > > Iternet and one for Intranet). > > Actually I use a table with a lot of IP address blocked. > > This is just impossible, unless may be you have as much money and > power as the chinese government. > What you want to do is layer 7 firewalling: ie. looking into the HTTP > transmitted, determine if it comes from orkut (directly or via a > proxy), and block accordingly. You might want to known: even this > won't work if the client uses HTTPS to connect to the proxy/ > anonymizer (in that case, HTTP transfer is encrypted, and you can't > eavesdrop the http content.) > > patpro_______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4a33a74a0708030131p7024453ekcd73f4d55972a0bd>