1

I need to block access to certain pages on a website using a regular expression and/or wildcard. The site uses https and therefore cannot be blocked using regular parental control filters (this is because you can either block all https traffic or allow it, but you cannot allow only certain URLs on a specific domain because the traffic is encrypted).

Is there any way to block specific URLs on a https site (with regex / wildcard) while allowing others?

peterh
Keng Kolk
  • from the server's perspective or the browser's perspective? – schroeder May 22 '15 at 20:58
  • What do you mean the server perspective? – Keng Kolk May 22 '15 at 21:03
  • do you want to block users from reaching certain pages on your server, or do you want to prevent your browser from accessing pages on someone else's server? – schroeder May 22 '15 at 21:05
  • Does [that](http://security.stackexchange.com/questions/48077/is-there-any-solution-for-block-the-https-traffic-using-url-filtering "Is there any solution for block the HTTPS traffic using URL filtering?") answer your question? – ckujau May 22 '15 at 21:05
  • ah - I assume this is related to your other question? We need more context in order to help you. – schroeder May 22 '15 at 21:11
  • @schroeder - I want to prevent someone from using my own server to access pages on a secure website. – Keng Kolk May 22 '15 at 21:15
  • Have you looked at a transparent proxy to limit this? I've heard squid can be set up to do just what you want. – LvB May 22 '15 at 23:55

1 Answer

-1

Only intermediate entities (firewalls) can't see the https URLs; the remote server and your browser obviously can.

If it is a parental control system, maybe you don't need to defend against a highly sophisticated attack (here "highly sophisticated" == "can uninstall browser plugins").

There are numerous plugins for the task (example). Some of them also have functionality to make their removal much harder.

Besides that, although you can't block a URL from an intermediate entity, you can block whole sites. The name of the virtual host in use is visible; it has been transmitted in cleartext in the TLS protocol for some years.

peterh