How To: Block sites accessed by IP Address

[Silver Bullet]

I have seen a couple forum topics asking about blocking sites that are accessed by it's IP address to get around the Web Filter. Well, here is how this is done using the Protocol Control module.

Click Show Settings on the Protocol Control Module.

Select the Protocol List tab

Click the green + sign to create a new rule.

You should have a new line appear green in the rules list.

In the Category cell, enter Block Access by IP

In the Protocol Cell, enter Access by IP

Check the Block and check the Log cells

In the Description Cell, enter Block requests made with IP address

In the Signature Cell, enter

Code:

(GET|POST|HEAD) [^ ]+ HTTP.*host: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b

Click Save

Now try to access a site by it's IP address. You should get a blank page and an Event should show up as blocked in the Protocol Control module's Event Log.

I have tested this and it seems to work fine. What that signature does is checks the "host" field in the request and if it contains an IP address in an http request, then it blocks it.

Have Fun enforcing the Web Filter!!

Thanks Seb for helping me fine tune it.

[Silver Bullet]

Edited the signature in the original post so that it should only apply to HTTP traffic.

[mdh]

HOT STUFF!

[tcbroonsie]

Thank you for sharing this tip. It works great!

[MSoucy]

Thank YOU!

One more step closer to only having one box for my firewall/filter

[Silver Bullet]

Quote:

Originally Posted by MSoucy

Thank YOU!

One more step closer to only having one box for my firewall/filter

What else is keeping you?

[IA76]

Thanks. Just what I needed.

[fartman]

Thanks, tested in 5.10 and it works.

[Ron Chandy]

"WOW" silver Bullet that was great stuff. IS there a system to block email addresses also. I have started a thresd on it..

[impmonkey]

Thank you for this. Infact back in school I used to get around the filters by using IPs so this is great.