SEMTEC The SE MN preK-12 Technology Coordinators

Welcome to SEMTEC! Home of SE MN Educational Technology Leaders!

Blocking social networking

anyone got a clue on how to reliably block facebook, myspace, and the like?? facebook uses a range of ip address, i believe...

Views: 284

Reply to This

Replies to This Discussion

Permalink Reply by Bryan Berg on October 28, 2009 at 2:51pm
What IP addresses get by the firewall rules, Corey?
Permalink Reply by Corey J. Mattson on October 28, 2009 at 3:00pm
these, and more most likely:

69.63.181.11
69.63.181.12
69.63.181.13
69.63.181.14
69.63.181.15
69.63.181.16
Permalink Reply by Bryan Berg on October 29, 2009 at 9:13am
Those addresses do bring up a Facebook-type page even though our sonic wall is set to block facebook, but the log-in part of those pages looks odd....no place for a password. It's almost as if these might be pages that are used by Facebook when the "remember me" feature is used? I tried to click "login" without putting anything in the email field that's offered, and I get an error instead of a page asking me to re log-in. Is that what you see?
Permalink Reply by Corey J. Mattson on October 29, 2009 at 9:21am
I see the full page, login and everything...
Permalink Reply by Bryan Berg on October 29, 2009 at 2:08pm
That's interesting....I just get the abbreviated log-in and an error if I try to use it. I don't get the expected blocked notification screen, just an error. Weird. Good from our standpoint, I guess, but weird. I take it that you can log in using those addresses even though your filter is supposed to be blocking it?

Corey J. Mattson said:
I see the full page, login and everything...
Permalink Reply by Brian Moskalik on December 1, 2009 at 8:36am
I just tried these addresses, and found that one can try to log in with 69.63.181.11, but after the credentials are entered, it cannot navigate to the logged in screen. All the rest of the IP's listed, fail to load any page whatsoever. Have you found that you can reliably log in using these addresses?

It might be something in our firewall that is blocking this. We're using a Watchguard Firebox.

Corey J. Mattson said:
these, and more most likely:

69.63.181.11
69.63.181.12
69.63.181.13
69.63.181.14
69.63.181.15
69.63.181.16
Permalink Reply by Corey J. Mattson on December 3, 2009 at 1:41pm
they are using https://facebook.com or https://www.facebook.com to get in...I'm considering going to a default "drop" policy on my firewall to only let through what i want...anyone else ever done that??
Permalink Reply by Brian Moskalik on December 3, 2009 at 1:50pm
Corey J. Mattson said:
they are using https://facebook.com or https://www.facebook.com to get in...I'm considering going to a default "drop" policy on my firewall to only let through what i want...anyone else ever done that??

When I try that, it always returns to http, and the user must URL hack their request back to https to navigate anywhere. Is that what you are experiencing?

In doing the drop policy, if I am understanding you correctly, you're thinking of blocking everything, and allowing only approved websites through. We did something similar, and did large swaths of content filtering. We found it to be highly unmanageable. There were so many requests for content, that we would spend an hour or more per day, trying to open that specific content that had been requested. We ended up going to a global allow, with moderate subscription blacklists, as well as our own custom blacklist.

Unfortunately, in our current configuration, https://facebook etc, still get through, but only with URL hacking. However, we have come to the conclusion that this is an administrative / teacher monitoring issue. We can't make the network block every single thing we want.

Reply to Discussion

RSS

About

Bryan Berg created this Ning Network.
Create a Ning Network! »

© 2024   Created by Bryan Berg.   Powered by

Report an Issue  |  Terms of Service