User Tools

Site Tools


This is an old revision of the document!

How-to block access to Facebook and Myspace

Q. I would like to know if there a way to block access to Facebook and Myspace as well as instant messaging. I tried to block before and it only blocked it that one way leaving countless other ways to access it. Same with Facebook. Others like and are much of a pest as well.

A. I suspect the problem is that you can't block encrypted (https) connections by domain name. The connection is encrypted so you can't tell whether you're connecting to a given site.

S. Try doing an nslookup to determine the ip(s) of the sites you want to block. For example, if I run: <shell> $nslookup </shell> I get: <shell> Non-authoritative answer: Name: Address: Name: Address: Name: Address: Name: Address: Name: Address: </shell> You could just block those ips, but big sites like facebook control a large block of ip addresses, and this could change. Here's a trick you can use to address that. Do a whois on one of the above ip addresses, and it will often tell you what the exact range is. <shell> $whois

OrgName: Facebook, Inc. OrgID: THEFA-3 Address: 156 University Ave, 3rd floor City: Palo Alto StateProv: CA PostalCode: 94301 Country: US

NetRange: - CIDR: OriginAS: AS32934 … </shell> I just included the top portion of the whois result since that's the important part. It tells you that Facebook owns the subnet. Block that, and you block facebook. Problem solved!

You can use the same tactic to lookup as well. Actually, I'll save you some time: there are two subnets you should block for myspace, and

tip.1311149457.txt.gz · Last modified: 2011/07/20 08:10 by ispyisail