Quote:
Originally Posted by rocket357
That approach is full of holes, of course, as using a public proxy can defeat it, and you're also blocking *everything*, including email servers, etc...
If the primary concern is blocking users from surfing facebook, amithapr may be able to leverage relayd for that and not have to resort to a ASN block =)
Really depends on exactly what level of lockdown is required. I have teenagers who have proven that social media is far too strong a temptation over getting homework done, so I've had a get creative in my approaches.
|
Some companies like Google use servers outsourced for them by other companies (it means other AS number) to handle traffic to regional domains. For example google.com is blocked by your script, but google.pl is not always blocked. To seal this leak use information stored in public DNS servers via dig(1) tool and then concatenate CIDRs with CIDRs retrieved by whois(1).
I don't know how this approach plays with websites behind Cloudflare reverse proxy.