Standard User deleted
(deleted) Thu 06-Feb-20 00:43:12

Blocking port 80 and 443 but allowing http traffic

Hi

Somebody suggested a proxy to me which is probably the most practical.

Does anyone know how I can set up squid to allow http/https traffic through only but deny,
say, teamviewer from falling back onto port 80? May I emphasize this is on my network at home.

Edited by deleted (Thu 06-Feb-20 01:33:15)

Standard User ian72
(eat-sleep-adslguide) Thu 06-Feb-20 10:30:14

Re: Blocking port 80 and 443 but allowing http traffic

[re: deleted]
You would need a firewall that understands protocols as well as ports.
Standard User jchamier
(eat-sleep-adslguide) Thu 06-Feb-20 10:43:10

Re: Blocking port 80 and 443 but allowing http traffic

[re: deleted]
In reply to a post by picky_user:
Does anyone know how I can set up squid to allow http/https traffic through only but deny,
say, teamviewer from falling back onto port 80? May I emphasize this is on my network at home.

You would need a switch that can force all traffic on these ports to the proxy, and then a proxy that validates the traffic. I haven't seen such switches at domestic-level pricing.

This is not easy.

VirginMedia 200/20 (22 Nov 19). Was FTTC for 7 years (55/12 to 46/5)
20 years of broadband connectivity since 1999 trial - Live BQM

Standard User ian72
(eat-sleep-adslguide) Thu 06-Feb-20 10:56:37

Re: Blocking port 80 and 443 but allowing http traffic

[re: jchamier]
It depends on how much control they have over the endpoints - if they control the endpoints they could potentially force the proxy config. If they want to block for any random endpoint then you would block all ports on the router and only allow outbound via the proxy.

However, thinking further, to do application-level blocking on 443 would also require a firewall that is capable of SSL interception and inspection. Not sure how capable squid is, but they could be looking at an enterprise-grade firewall/proxy to enable all of this.

EDIT: looks like squid can do SSL interception using SSL Bump. However, it might require quite a bit of research on the OP's part to work out how to get all of this working properly - it is unlikely to be for the faint-hearted.

Edited by ian72 (Thu 06-Feb-20 10:59:51)
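The two replies above make the same point from different angles: a port number alone proves nothing, so a proxy has to validate that what arrives on 80 really is HTTP, and on 443 the most it can see without full interception (squid's SSL Bump "peek" step) is the TLS ClientHello and its SNI hostname. The following is an added example written for this thread, not squid code and not from any poster. It is a small Python protocol validator: `is_http_request` checks the first bytes of a port-80 flow for a well-formed HTTP/1.x request line and Host header, `extract_sni` parses a TLS ClientHello for the server_name extension, and `decide` applies a simple "only real HTTP or TLS gets through" policy. The sample payloads, the `build_client_hello` fixture and the `blocked_hosts` set are constructed for the example; no real host names or captured traffic are used.

```python
import re
import struct

# Constructed sample payloads (not captured from any real host).
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/7.0\r\n\r\n"
NOT_HTTP = b"\x17\x24\x0a\x20\x00\x00\x00\x10binary-tunnel-hello"  # non-HTTP bytes sent to port 80

REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT) [^ \r\n]+ HTTP/1\.[01]\r\n"
)


def is_http_request(payload: bytes) -> bool:
    """True only if the payload opens with an HTTP/1.x request line, terminated headers and a Host header."""
    if not REQUEST_LINE.match(payload):
        return False
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return False  # header block never terminated: not a complete request
    headers = head.split(b"\r\n")[1:]
    return any(h.lower().startswith(b"host:") for h in headers)


def extract_sni(payload: bytes):
    """Return the SNI hostname from a TLS ClientHello record, or None if the bytes are not one."""
    # TLS record header: content type (0x16 = handshake), version (2), length (2)
    if len(payload) < 5 or payload[0] != 0x16:
        return None
    rec_len = struct.unpack(">H", payload[3:5])[0]
    body = payload[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:  # handshake type 1 = ClientHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 2 + 32  # skip client_version and random
    if len(hello) < pos + 1:
        return None
    pos += 1 + hello[pos]  # session_id
    if len(hello) < pos + 2:
        return None
    pos += 2 + struct.unpack(">H", hello[pos:pos + 2])[0]  # cipher_suites
    if len(hello) < pos + 1:
        return None
    pos += 1 + hello[pos]  # compression_methods
    if len(hello) < pos + 2:
        return None
    end = pos + 2 + struct.unpack(">H", hello[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(hello)):
        etype, elen = struct.unpack(">HH", hello[pos:pos + 4])
        pos += 4
        if pos + elen > len(hello):
            return None
        if etype == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
            if elen < 5:
                return None
            name_len = struct.unpack(">H", hello[pos + 3:pos + 5])[0]
            return hello[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
        pos += elen
    return None


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI extension (test fixture only)."""
    name = hostname.encode()
    sni = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack(">HH", 0, len(sni)) + sni
    hello = (b"\x03\x03" + bytes(32)                 # version + random
             + b"\x00"                                # empty session_id
             + struct.pack(">H", 2) + b"\xc0\x2f"     # one cipher suite
             + b"\x01\x00"                            # compression: null only
             + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


def decide(port: int, payload: bytes, blocked_hosts=frozenset()) -> str:
    """Policy for the first client bytes of a flow: only genuine HTTP on 80 and TLS-with-SNI on 443 pass."""
    if port == 80:
        return "allow" if is_http_request(payload) else "deny"
    if port == 443:
        sni = extract_sni(payload)
        if sni is None or sni in blocked_hosts:
            return "deny"
        return "allow"
    return "deny"


if __name__ == "__main__":
    for port, data in [(80, HTTP_GET), (80, NOT_HTTP),
                       (443, build_client_hello("example.com")), (443, NOT_HTTP)]:
        print(port, decide(port, data))
```

The design choice mirrors what ian72 describes: on 443 the policy never decrypts anything, it only reads the SNI that a "peek" step exposes, so a client that omits SNI or speaks a non-TLS protocol on 443 is rejected rather than guessed at. Anything that wants to pass has to look like the protocol the port is meant for.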

Standard User CarlTSpeak
(member) Thu 06-Feb-20 12:15:50

Re: Blocking port 80 and 443 but allowing http traffic

[re: ian72]
In reply to a post by ian72:
You would need a firewall that understands protocols as well as ports.


This. With interest. You'd need something that recognises Teamviewer and blocks it regardless of port.

Can't just use a proxy and have it force clients to log in, as a bunch of stuff uses 80/443 that won't appreciate being told a login is required by a proxy.

Something based around Snort might do the trick?

Building better networks, not just faster ones.
Standard User jabuzzard
(committed) Thu 06-Feb-20 19:25:23

Re: Blocking port 80 and 443 but allowing http traffic

[re: CarlTSpeak]
You need deep packet inspection along with SSL interception, and even then they could tunnel stuff out with a VPN or SSH. Devices capable of doing that are not going to be cheap.