"facebook blocking"

johnson_varghese · February 5, 2013, 8:42pm

Sir

I want to block facebook access in my local network. I have already tried with web blocking option in peplink device, but it only block the http traffic, i need to block https also. How can i block https://www.facebook.com on peplink. please advice

Thanks & Regards
Johnson

Ron_Case · February 6, 2013, 12:42am

Hi Johnson,

You can accomplish this with an outbound firewall deny access rule. This is under Network> Firewall> Access Rules. Below is an example:

Protocol = Any
Source = Any Address
Destination = Domain Name = facebook.com
Action = Deny

Best regards,

Ron

Haruki · February 7, 2013, 1:37pm

I would like to add that this rule is effective only when clients are using a “browser” such as IE, Firefox, Chrome.
Nowadays there are more and more Tablets out there such as an iPad and Android based device even in a business field. You won’t be able to prevent users from accessing Facebook “app” with this rule.

Whether it’s an iOS or Android device, apps are difficult to block. Just so you know…

Thanks,
Haruki

johnson_varghese · February 10, 2013, 1:41pm

Sir

Thanks for your greatefull repay. But we have one more issue that there is no "Domain Name " drop down option in firewall> Access Rules> Outbound Firewall Rules. There i found only these options ( Any Addrees, Single Address, Network ). Then how do i enable domain name option in outbound rule

Thanks
Johnson

Ron_Case · February 10, 2013, 11:34pm

Hello Johnson,

This is a newer feature so you will want to get the latest firmware. You can download 5.4.7 firmware by registering the device at http://www.peplink.com/support/downloads/.

Best regards,

Ron

Networkguy · February 12, 2013, 2:37am

This does not make any sense to me. Please explain why.

Ryan

Haruki · February 12, 2013, 4:51am

To better explain why this rule doesn’t work for mobile apps, the following article should help:

"While standard Layer 2 and Layer 3 firewalls prevent unauthorized access to internal and external networks, firewalls enhanced with application-level inspection examine, identify, and verify application types at Layer 7 to make sure unwanted or misbehaving application traffic doesn’t join the network. With these capabilities, the firewall can enforce endpoint user registration and authentication and provide administrative control over the use of multimedia applications. "

Reference: Cisco Security Products and Solutions - Cisco

With the current firmware, we don’t have the ability to identify and block the mobile apps packet (Layer 7 filtering). However, it would be a good feature request. I hope this clarifies the matters.

Thanks,
Haruki

Networkguy · February 12, 2013, 8:07am

I don’t think so. The facebook app still uses http access behind.
The mobile app will open on your mobile device, but the access will be denied. Doesn’t have to be layer 7 filtering. The access is still Layer 3.
Try and you’ll see it.

Haruki · February 12, 2013, 2:59pm

Thank you for pointing this out and I do appreciate your feedback.

I did some experiments myself here as well when the domain facebook.com was denied in the Outbound Firewall rule.

Logging into the app -> Both iOS and Android failed = they seem to be using HTTPS for authentication from the Firewall logs.
When the apps have been authenticated already in both platforms, it is difficult to maneuver around the pages for sure. (I had better luck with the app in Android for some reason although it still gave me network error message.)
Some actions seem to have been accepted although it was not always consistent. For instance, you could update your status in your profile. (Again, there were times when I needed to retry updating the status to take effect.)

The Firewall rule specifically for the domain facebook.com seems to be effective to a certain point, but it’s not a perfect solution.

The point I wanted to make here is that I wouldn’t recommend that customers rely on the Firewall rules in the Balance to block apps completely in iOS and Android devices at the moment. However, this would be a great feature to add to our Firewall.

Thanks,
Haruki

Rexymav · March 3, 2014, 9:06pm

Blocking facebook.com is pretty inconsistent and it should be facebook.* for best results. It seems like Facebook is now rolling to other domains if it can’t get out on .com.

Also, I’d really like to see a timed feature on rules. We need to block Facebook during working hours (8AM-5PM Mon-Fri)) but maybe allow it during lunch (12-1PM) and weekends. It is pretty labor intensive for someone to enable, disable, enable, disable rules every working day so they end up not doing anything…

Rexymav · September 14, 2014, 6:24am

Seems like something broke in 6.1.2, you can no longer add wildcards so facebook.* is no longer accepted??

Rexymav · September 14, 2014, 9:49am

Definitely a bug in 6.1.2, I reverted to 6.1.0 on my B30 and was able to use the wildcard then went back to 6.1.2 and it stayed though doesn’t seem to be working anymore to block Facebook…

TK_Liew · September 14, 2014, 7:07pm

Hi,

We have identified this is a bug. Our team is fixing this issue now. Will keep you posted the update.

Sorry for any inconvenience caused.

Shajeeulla_Khan · January 31, 2015, 7:08pm

Hello,

You have explained in this post how to add wildcard i.e. domain.* for blocking domains, this will block only TLD’s, however i am looking to block sub domains & tried to add * before domain name, for example: i want to block facebook completely & would like to add *.facebook.com in the peplink device, but unfortunately peplink is not accepting * before domain name, please advise.

Note: if somehow we manage to add * before domain i.e. *.facebook.com then i think we can block facebook completely from the mobile as well…

I have Peplink 310 & the firmware version is 5.4.9 build 1564

Your earliest response will be highly appreciated.

Regards,
Shajeeulla Khan

Rexymav · January 31, 2015, 9:21pm

It was five (5) months ago this bug was identified, when do you anticipate it being fixed? Also the suggestion for leading and trailing wildcards makes sense.

Thanks,

TK_Liew · February 3, 2015, 11:26am

Hi Shajeeulla,

You should configure facebook.com instead of *.facebook.com.

Hope this help.

TK_Liew · February 3, 2015, 11:29am

Hi,

v6.2 RC (Release Candidate) to be available today or tomorrow. Stay tuned.

Shajeeulla_Khan · February 3, 2015, 3:10pm

Hi,

facebook.com will only block www.facebook.com, but none of the subdomains isn’t be blocked.

For example if i need to block static.facebook.com or example.facebook.com or anysubdomain.facebook.com, i need a way to configure a general rule i.e. *.facebook.com which blocks any name leading facebook.com. This feature is available in almost all firewalls except peplink.

Please advise.

Regards,
Shajeeulla

TK_Liew · February 3, 2015, 4:45pm

Hi Shajeeulla,

If “facebook.com” is entered, any web site with a host name ending in facebook.com will be blocked, e.g. facebook.com, www.facebook.com, example.facebook.com, etc. However, “myfacebook.com” will not be blocked.

Please take note Web Blocking feature in Balance router only blocks Http traffics. If you need to block Https traffic, please use Outbound Firewall Rule.

Shajeeulla_Khan · February 3, 2015, 4:51pm

Hello,

I am using outbound firewall only to block facebook.com & have blocked successfully for the desktop & laptop users, but for mobile users i need to block several domains which precedes facebook.com i.e. for example (anything).facebook.com, hence is there any possibility of blocking sub domains in general using “*” or any other character or peplink doesn’t have this feature?

Regards,
Shajee