HTTPS traffic?

captain204mike

Can someone please tell me how to block HTTPS traffic to just 1 computer on the network?
I am using a Sonicwall Pro 2040 with content filtering and I'm not sure how to get it blocked. They are using a site called https://www.vtunnel.com and it gets around content filtering because the filter won't block HTTPS traffic, so I need to block it somehow.
 
Huh, I thought this was going to be an easy one but apparently the Sonicwall CFS engine only filters HTTP and not HTTPS. What a crock.

Anyways if this is a business computer then this person is breaking the Acceptable Use Policy and should be brought to the attention of management.

You can create a firewall rule for the IP address that denies HTTPS to the IP address in question. (This is assuming you have the Enhanced OS... I don't have access to Standard)

First add the host by clicking Network -> Address Objects and adding the host IP address.

Firewall - Select From LAN -> WAN
click Add
Select Deny
Service HTTPS
Source - Address Object for host IP you created earlier
Destination - Any

This will block that host from accessing any HTTPS site... but as I said earlier this is an AUP breach and you should not be having to go to these measures...
 
If a firewall was able to decrypt an HTTPS packet, then any device could decrypt that packet, thus destroying the whole purpose of using PKI to secure traffic. Without decrypting an encrypted packet, you can only filter based on source, destination, or port.
 
Good point. I retract my statement.

Something else the OP could do is put the site in the computer's HOSTS file with a bogus address.
 
Ya, I created a firewall rule that is supposed to deny HTTPS from that IP address ("4 of them") to the source IP address, and the user can still get to that site using HTTPS.
Ya, the problem is, we used to be a small company that never had an IT dept, and so forth, and grew very very fast, to now having an IT dept, and as of right now, we do not really have an Internet Usage Policy, so I don't think we can take much action with the user, but I'm not sure on that.
I don't quite understand what you meant by creating a bogus address in the host.
Sorry, I'm not quite that deep into the IT field yet lol.
 
On the client's computer, the location will depend on version or installation setup, but for the most part if it's Windows go for c:\WINDOWS\system32\drivers\etc\hosts (replace Windows with WinNT if it's 2000, NT 4). Open that up with Notepad or WordPad. Once you've got it open, just add www.vtunnel.com vtunnel.com and the like to the end of the line that should have "127.0.0.1 localhost".

Example

Code:
127.0.0.1       localhost www.vtunnel.com vtunnel.com
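
An added example, not part of the original posts: Python that audits hosts-file text for the sink entries described above and appends any that are missing. It also shows that hosts entries match exact names only, so an unlisted subdomain is not covered; the sample file, the `other.vtunnel.com` name and the `intranet` entry are constructed for illustration.

```python
SINK = "127.0.0.1"  # same address the post uses

# Constructed sample: a hosts file after the edit shown in the post above.
SAMPLE = (
    "# sample hosts file (constructed)\n"
    "127.0.0.1       localhost www.vtunnel.com vtunnel.com\n"
    "10.0.0.5        intranet   # constructed internal host\n"
)

def parse_hosts(text):
    """Map each lower-cased hostname to the set of addresses assigned to it."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(fields) < 2:                     # blank, comment-only or malformed
            continue
        for name in fields[1:]:                 # one address, many names per line
            table.setdefault(name.lower(), set()).add(fields[0])
    return table

def audit(text, names, sink=SINK):
    """Classify each name as 'blocked', 'missing' or 'conflict'."""
    table = parse_hosts(text)
    result = {}
    for name in names:
        addrs = table.get(name.lower())         # exact match only, no wildcards
        if not addrs:
            result[name] = "missing"
        elif addrs == {sink}:
            result[name] = "blocked"
        else:
            result[name] = "conflict"           # mapped to a non-sink address
    return result

def ensure_blocked(text, names, sink=SINK):
    """Return text with one sink line appended per missing name (idempotent)."""
    status = audit(text, names, sink)
    missing = list(dict.fromkeys(n.lower() for n in names if status[n] == "missing"))
    if not missing:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"{sink}\t{n}\n" for n in missing)

if __name__ == "__main__":
    wanted = ["vtunnel.com", "www.vtunnel.com", "other.vtunnel.com"]
    print(audit(SAMPLE, wanted))
    print(ensure_blocked(SAMPLE, wanted), end="")
```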
 
Thanks.
The hosts file thing works perfectly.
Now my question is: as of now I don't have our own DNS servers in place, but when I do,
would I be able to edit the hosts file on the DNS servers itself and block this, or do like now, change the hosts file on each workstation?
 