How to block web traffic for some websites without proxy server

malikchand
Posts: 3
Joined: 2021/02/22 09:37:44

How to block web traffic for some websites without proxy server

Post by malikchand » 2021/10/10 11:22:24

Hi.
In our Windows environment we need to block or filter internet access for some websites using CentOS 8. For a Squid proxy server we need to assign group policy or add the proxy address one by one, which is not possible for us. We need something through CentOS to filter our internet. Kindly advise as necessary.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: How to block web traffic for some websites without proxy server

Post by jlehtone » 2021/10/10 12:48:47

Sounds like your clients connect to the "internet" via a router, which is a CentOS machine.

Firewall filters traffic. CentOS Linux 8 has two firewall management options: firewalld.service and nftables.service.
The FirewallD has practically no support for filtering forwarded and output traffic. (Version in Stream 8 / RHEL 8.5 might have some.)
The nftables has the rules that you create. It is easy to make logical mistakes, so firewall rules are best written by a pro.

However, another/additional approach is to override DNS. When a client tries to connect to forums.centos.org, it has to resolve the IP address first. If the DNS tells the client that the IP address is 127.0.0.1 (or another "black hole"), then the client will never send anything to the real forums.centos.org server.

Alas, a user can type an IP address that they know, so DNS spoofing does not stop the user, it just makes use less convenient. You need a filter in the router.
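
The router-side filter described in the post above, as an added example that is not part of the thread: a POSIX shell script that resolves a hostname blocklist and renders an nftables forward-chain ruleset with those addresses in a set. The interface name `lan0`, the table and set names, and the `demo_resolver` sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: hostname blocklist -> nftables forward filter.
# Assumed names: LAN interface "lan0", table "webfilter", set "blocked_v4".
LAN_IF="${LAN_IF:-lan0}"
RESOLVER="${RESOLVER:-resolve_host}"   # function used to look up a hostname

# Real lookup through the system resolver (IPv4 only in this example).
resolve_host() {
    getent ahostsv4 "$1" | awk '{print $1}'
}

# Constructed offline resolver: RFC 5737 addresses plus two malformed answers.
demo_resolver() {
    case "$1" in
        blocked.example) printf '192.0.2.10\n192.0.2.11\n192.0.2.10\n' ;;
        tracker.example) printf '198.51.100.7\n999.1.1.1\n1.2.3.4; flush ruleset\n' ;;
    esac
}

# Hostnames on stdin (one per line, '#' comments) -> unique valid IPv4 addresses.
# Strict validation keeps resolver output from injecting nft syntax.
blocked_addrs() {
    while read -r host rest; do
        case "$host" in ''|'#'*) continue ;; esac
        "$RESOLVER" "$host" </dev/null
    done |
    awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $1<=255 && $2<=255 && $3<=255 && $4<=255' |
    sort -u
}

# Emit a ruleset that replaces the table in one transaction: render_ruleset | nft -f -
render_ruleset() {
    addrs=$(blocked_addrs | paste -sd, -)
    elem_line=""
    if [ -n "$addrs" ]; then elem_line="elements = { $addrs }"; fi
    cat <<EOF
add table inet webfilter
delete table inet webfilter
table inet webfilter {
    set blocked_v4 {
        type ipv4_addr
        $elem_line
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname "$LAN_IF" ip daddr @blocked_v4 counter reject
    }
}
EOF
}
# Offline demo with the constructed resolver: sh thisfile --demo
[ "${1:-}" != "--demo" ] || { RESOLVER=demo_resolver; printf 'blocked.example\n' | render_ruleset; }
```

Addresses behind shared hosting or a CDN change and are shared with other sites, so the set has to be regenerated periodically and can block more than the listed hostnames.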

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: How to block web traffic for some websites without proxy server

Post by pjsr2 » 2021/10/11 12:25:27

If your Windows computers use DHCP, you can configure the DHCP server to send the proxy configuration together with the IP address. By default, Windows and Linux computers that use DHCP will use the proxy server settings that they receive from the DHCP server.

When you want to use Squid (or any other proxy server) to filter access to external websites, you have to ensure that all outbound traffic to port 80 (http) or 443 (https) is blocked in your firewall. If you want to be friendly to users or computers that have not configured the proxy, you can configure your firewall to forward all outbound traffic for ports 80 and 443 to your proxy server instead of bluntly blocking it. This way requests from computers in your network that have not configured the proxy correctly are still going through your proxy.
