Block WWW.ORKUT.COM

[Fai Cheng]

I don't think this is impossible. depends on how you could configure the
firewall. If you can block all traffics but allow those only you need. (e.g.
to your partner site only, deny all outgoing traffic)

Modify the DNS / hosts files is a trick way but its work. but you have to
know what is behind the host. e.g. they can use orkut.l.google.com instead
of www.orkut.com. So the white list approach is easier to handle. (If you
can)

Of course different proxy (e.g. running proxy in 80 or 443 port) is hard to
block, this case you need to monitor the traffic and see any ppl go to
specific host with large amount of traffic. So you may notice the problems.

Fai

On 8/3/07, Patrick Proniewski <patpro at patpro.net> wrote:
>
> Hi,
>
> On 03 août 2007, at 09:36, Ali Faiez Taha wrote:
>
> > What I need to do to block the access to www.orkut.com, via
> > webproxy, anonymizer sites and direct access ?
> > I am using FreeBSD with PF, without Proxy server, 2 NICs (one for
> > Iternet and one for Intranet).
> > Actually I use a table with a lot of IP address blocked.
>
> This is just impossible, unless may be you have as much money and
> power as the chinese government.
> What you want to do is layer 7 firewalling: ie. looking into the HTTP
> transmitted, determine if it comes from orkut (directly or via a
> proxy), and block accordingly. You might want to known: even this
> won't work if the client uses HTTPS to connect to the proxy/
> anonymizer (in that case, HTTP transfer is encrypted, and you can't
> eavesdrop the http content.)
>
> patpro_______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>