[c-nsp] How to prevent https facebook from the cisco router 1841

Matthew Huff mhuff at ox.com
Thu Nov 14 13:27:26 EST 2013


How about setting up a squid proxy for http and https and disallow all
port 80/443 traffic except via the proxy. In the proxy, you can control
exactly what websites are accessible then.


On 11/14/13 12:45 PM, "Pierre Emeriaud" <petrus.lt at gmail.com> wrote:

>> i need to prevent users to open Facebook https traffic from my router
>>cisco
>> 1841
>>
>> i can put it as ip but is there any thing else because the ip way not
>> efficient
>
>What about null-routing all advertised prefixes (32) from Facebook AS?
>
>$ whois -h asn.shadowserver.org prefix 32934 | awk -F" " '{print "ip
>route " $1 " null0"}'
>ip route 31.13.24.0/21 null0
>ip route 31.13.64.0/24 null0
>...
>
>Rinse & repeat every couple of months.
>
>
>
>--
>pierre
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list