Results 1 to 2 of 2

Thread: Using IPTABLES to black HTTPS to certain sites only

  1. #1
    Join Date
    May 2010
    Beans
    24

    Using IPTABLES to black HTTPS to certain sites only

    Hi,

    I'm trying to block youtube.com during business hours using squid, however since this is a transparent proxy people are able to bypass it by using https://....... (port 443).

    I want to use iptables to block port 443 but only to youtube.com servers, as other port 443 functionality is required for other tasks.

    I've tried a lot of different combinations, including:
    Code:
    iptables -A INPUT -p tcp --dport 443 -m string --string "youtube.com" algo bm -j REJECT
    blocking Youtube's ip's is almost impossible as they change each time a do an nslookup.

    Does anybody know how this can be done?
    Last edited by Nessaja; September 17th, 2012 at 11:05 AM. Reason: Addition to content

  2. #2
    Join Date
    Sep 2006
    Beans
    7,294
    Distro
    Lubuntu Development Release

    Re: Using IPTABLES to black HTTPS to certain sites only

    Blocking on 'string' will only block unencrypted packets containing the letters 'youtube.com' in that sequence.

    If you want to block Youtube, you'll have to block the whole subnet it is on. Looking up the ip number(s) for Youtube using host or dig, we see that there are several hosts using 173.194.32.*. We can look up one of them with whois and see that the network for Youtube is actually 173.194.0.0/16, so that's what you need to try to block.

    Code:
    iptables -A OUTPUT -p tcp -d 173.194.0.0/16 --dport 443 -j REJECT
    However, there are still ways around it. What you need to do is address the behavioral problems and there isn't going to be a technical solution for that.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •