Hello, ladies and gentlemen.
I've been having problems in my school trying to block Facebook.
Initially, the students could get on through https://www.facebook.com Blocking it through application control closed that loophole.
I've blocked facebook.com and fbcdn.com, and have some regular expressions set up that block any sites that even have Facebook in the URL for super tight security.
Still, every now and again the log files show traffic to facebook.com and fbcdn.com
No pages are being displayed, but each has about 80 or so requests.
Is there some sort of exploit I need to know about?
Any ideas?
Thanks,
Oliver.
1) How you are using Web Protection
Not sure how to answer this one. Could you be a little more specific?
2) Is there any exception
There are several exceptions for things like Adobe update. The only exceptions that would be expected to allow access to Facebook apply to one server and the school director's PC. While she might have been checking things on Facebook, her traffic would have shown pages, so I don't believe it's from her. The server skips logging altogether.
3) Is Social Networking checked for block
If you are asking about the URL Filtering Category, yes, it is.
4) Is Scan HTTPS checked
Unfortunately, we can't really enable this. Since most of our traffic is going to and from computers and devices that we don't own (student and teachers' phones and laptops), I can't see a way of avoiding the certificate errors.
Let me know if you have any further thoughts.
Thanks a lot.
You can put your UTM Cerificate for download in simple http server inside your network and give the link to users who will complain about https errors
After the certificate installation everything will go fine
But i founded another way via DNS:
Not permit users to use their own DNS, blocking DNS requests in firewall and let only your Gateway like DNS in DHCP pool.
After this make a "static entry" for facebook.com to an inexistent IP
Quote