HTTPS filtering
tpetkoff
04-23-2008, 11:21 AM
I know there are some posts that touch on the subject. I donate time to a local non-profit org. They have 4 computer labs and the kids have found a way to bypass the web filter. They are using sites like https://vtunnel.com. For now I am setting up the firewall to block Vtunnel.com's IP range. Will Untangle be adding an HTTPS filter later down the road?
gotkimchi
04-23-2008, 02:51 PM
Temp fix.
Create multiple racks. Block SSL and TLS on the protocol blocker module for certain users. This will block all https.
Or create a firewall rule for 443 traffic blocking certain IPs... that doesn't solve it if HTTPS is open on a different port, but wouldn't require multiple racks.
tpetkoff
04-24-2008, 07:35 AM
Thanks, I will test your ideas out. One question: how many firewall rules can you have in Untangle?
@tpetkoff
We have the same issue. I wish the Web Filter could look at the https://URL and see if it is a blocked site, and if so, then block access to the page.
UrbanSage
04-24-2008, 08:24 AM
As a solution not requiring Untangle, have you looked at OpenDNS? http://opendns.com
One of the capabilities of using their DNS servers:
"Web Proxy Blocking
Prevent people on your network from bypassing the access restrictions you put in place. Blocking Web proxies helps ensure your network remains secure."
ecam21
08-27-2008, 05:23 AM
Block the HTTPS URL using its IP in the spyware blocker.
Example: www.meebo.com and https://www.meebo.com
IP: 208.81.191.110
Block using the subnet list: add the IP 208.81.191.110
and voilà... done.
Both HTTP and HTTPS for that site are blocked.
Hi ecam21,
I just blocked Gmail "64.233.161.83, 209.85.171.83, 64.233.171.83".
In the spyware blocker event log it is showing that it is blocked, but it is still allowing HTTPS traffic.
mikenabhan
10-20-2008, 05:08 PM
OK, well, I have asked this before, but I want to know if there is a way to block HTTPS for everything and then make a pass list for specific IPs. I have tried the firewall for pass lists and I have blocked the IP ranges of a given site, but nothing works other than blocking HTTPS altogether.
Can you try to implement a protocol control exemption based on both source and destination IPs in future versions?
Any suggestions on what I can do would be nice. I just want to pass a few sites like Gmail and some online banking.
mrunkel
10-20-2008, 05:31 PM
OK, well, I have asked this before, but I want to know if there is a way to block HTTPS for everything and then make a pass list for specific IPs. I have tried the firewall for pass lists and I have blocked the IP ranges of a given site, but nothing works other than blocking HTTPS altogether.
Make sure your specific rules are ahead of the general rules, and this should work. I.e., pass the IP ranges you like and then enter the block-everything rule.
Can you try to implement a protocol control exemption based on both source and destination IPs in future versions?
Go ahead and add your feature requests to Bugzilla (bugzilla.untangle.com) and it will get on the developer radar.
I'm still waiting to see a screenshot, since most have issues with the firewall rules.
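
Added example (not part of the thread and not Untangle's code): a small rule evaluator illustrating the ordering advice in mrunkel's reply, assuming rules are checked top-down and the first match decides. The `Rule` class, the helper names and the address ranges (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    dst_net: str              # destination network, CIDR notation
    dst_port: Optional[int]   # None matches any port

    def matches(self, dst_ip, dst_port):
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
        return in_net and self.dst_port in (None, dst_port)

def evaluate(rules, dst_ip, dst_port, default="pass"):
    """First match wins: return (action, index of deciding rule or None)."""
    for i, rule in enumerate(rules):
        if rule.matches(dst_ip, dst_port):
            return rule.action, i
    return default, None

def shadowed(rules):
    """Indexes of rules that can never take effect because an earlier rule
    with the opposite action already covers their whole network and port."""
    hits = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.dst_net)
        for earlier in rules[:i]:
            covers_net = later_net.subnet_of(ipaddress.ip_network(earlier.dst_net))
            covers_port = earlier.dst_port in (None, later.dst_port)
            if covers_net and covers_port and earlier.action != later.action:
                hits.append(i)
                break
    return hits

# Constructed sample rules: a pass list for two sites plus a block-all-HTTPS rule.
BLOCK_ALL = Rule("block", "0.0.0.0/0", 443)
PASS_MAIL = Rule("pass", "203.0.113.0/24", 443)     # stand-in webmail range
PASS_BANK = Rule("pass", "198.51.100.16/28", 443)   # stand-in banking range

WRONG_ORDER = [BLOCK_ALL, PASS_MAIL, PASS_BANK]     # general rule first
RIGHT_ORDER = [PASS_MAIL, PASS_BANK, BLOCK_ALL]     # specific rules first

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, evaluate(rules, "203.0.113.10", 443), "shadowed:", shadowed(rules))
    # HTTPS on a non-443 port falls through to the default action.
    print(evaluate(RIGHT_ORDER, "192.0.2.5", 8443))
```

The last call shows the gap gotkimchi pointed out: a port-443 block rule does not match HTTPS served on another port, so that traffic gets the default action.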