dopaminadarktheme
Full Dopamina Dark Theme
Artigo em inglês
This lesson explains how to block, with the Endian UTM Appliance, facebook, twitter, and other sites that use SSL. Two different approaches will be shown in this lesson: Using an Access Policy rule in the HTTP Proxy, and using the DNS proxy
The first apporach should be used when the HTTP proxy is set to Non-Transparent, while the second approach is suitable for cases where the HTTP proxy is not enabled, or is enabled in Transparent mode.
In the Access Policy Editor, configure as follows the various options:
Finally, click on Update policy to save the new rule. After a few seconds, all services are reloaded and the new rule begins working.
Now, go to the Anti-spyware tab and insert in the textbos under the Blacklist domains label all the domains that you want to be blocked (ex. facebook.com) and click on Save.
1. Create an Access Policy to Block HTTP/HTTPS Sites.
This method is useful only when the HTTP Proxy is enabled in Non-Transparent mode. From the web GUI select from Menubar > Proxy > HTTP > Access Policy > Add Access Policy.
In the Access Policy Editor, configure as follows the various options:
- Source: The places where the clients will be subjected to the rule, which can be ANY, Zone, Network/IP, or MAC Address.
- Destination: The places that you want to block. In this case, the domains facebook.com and twitter.com. Write one domain per line, remember the starting dot if you want to : .facebook.com and.twitter.com.
- Access Policy: Deny access, for the rule to block traffic to the domains.
- Position: First, to make sure that this rule take precedence over other rule, which possibly allow access.
- Policy status: Click on the checkbox Enable policy rule to activate the rule.
- The remaining options may keep their default values.
Note
The dot before the domain name ( .facebook.com and .twitter.com) instructs the HTTP Proxy to block all subdomains of the sites, too.
Remember that you must configure your browser to use proxy also for SSL.
Finally, click on Update policy to save the new rule. After a few seconds, all services are reloaded and the new rule begins working.
2. Create a Rule in DNS Proxy
This method is useful ONLY in two situation:- you have the HTTP Proxy set in transparent mode (This method can intercept only HTTP traffic)
- you don't have HTTP proxy enabled.
Now, go to the Anti-spyware tab and insert in the textbos under the Blacklist domains label all the domains that you want to be blocked (ex. facebook.com) and click on Save.
Note
Older Endian UTM Appliances featured a different anti-spyware software, so the above screenshot may slightly differ, but the set up of the DNS Proxy rule is exactly the same
Seja Membro Gratuítamente
Assine a newsletter para receber em seu email as publicações atualizadas neste blog