Block or redirect HTTP and HTTPS Facebook on Windows Server 2008

[UnknownEntity]

Hi all,

Is there anyway to redirect http or https for facebook on Windows 2008 DNS server? I have attempted blocking the site using draytek 2820 router and it only manages to block http not https. Is there a way it can be done using DNS server on windows 2008? If not can these sites be redirected? Is there an easier way with LM hosts file?

Thanks,

Drakul.

 

[Noway2]

DNS is probably not the correct tool for the job. Theoretically, you could configure your name server to resolve a different IP, such as one to a local page that says "blocked", for these names, but there are easy and obvious ways around it. As you noticed, https, being a very simple one. The reason why HTTPS easily goes around it is that HTTPS connections conduct their handshake transactions via IP address, not domain name. In fact, in standard HTTPS, without SNI, the server name is deliberately avoided as part of the transaction. Another problem with DNS blocking is that it breaks easily. The DNS system was designed to be infinitely redundant, with sites mirroring one and other. When you introduce differences like this, it creates problems because it was designed NOT to work this way. Besides, one can simply use a different DNS server, such as Google's public DNS.

A better solution to your problem would be to pass your traffic through a Proxy, such as Squid or Bluecoat and use a filtering application. Of course, there are easy ways around this too. However, it should be sufficient for the less technically sophisticated and those with who possess the knowledge to get around it, going off to places like Facebook is probably a non issue anyway.