block youtube app and facebook app on mobiles phones
-
i set proxy setting for mobile, and i remark that facebook is blocked but youtube is not blocked, it seems that youtube app not using youtube.com to connect to the server,
-
@IT-ADMIN said:
@IT-ADMIN because if you don't inform your browser which proxy to use, https will consider the proxy as a man in the middle, and will drop the connection
No, you are thinking of the way that you are using a proxy "non-transparent." A transparent proxy you don't tell the browser about. That's what transparent means - that the proxy happens without anything needing to know about it.
-
@IT-ADMIN said:
all 443 traffic will not be established because the app itself is unaware about which proxy to use
It's transparent so everything goes through the proxy.
-
@IT-ADMIN said:
i set proxy setting for mobile, and i remark that facebook is blocked but youtube is not blocked, it seems that youtube app not using youtube.com to connect to the server,
You'll need to block all YouTube sites, which are many. Blocking by domain name is not very effective. There is always a way around that by IP address.
-
if i set a transparent proxy and block some URLs, users cannot access http://facebook.com, but if they just add s after http, they can access easily, i tried it !! i'm sure
-
@scottalanmiller said:
@IT-ADMIN said:
i set proxy setting for mobile, and i remark that facebook is blocked but youtube is not blocked, it seems that youtube app not using youtube.com to connect to the server,
You'll need to block all YouTube sites, which are many. Blocking by domain name is not very effective. There is always a way around that by IP address.
also blocking by IPs is not efficient, because IPs of servers keep changing, and it is difficult to know all IP range used by a specific server
-
in the begining i though that app can be blocked by closing some ports numbers, but it seem that almost all of the apps use either 80 or 443, and if close one of these port it is like i closed everything !!!
-
@IT-ADMIN said:
if i set a transparent proxy and block some URLs, users cannot access http://facebook.com, but if they just add s after http, they can access easily, i tried it !! i'm sure
Are you just clicking a box called "transparent proxy" or are you actually changing your network correctly to accommodate the change in architecture?
-
@IT-ADMIN said:
also blocking by IPs is not efficient, because IPs of servers keep changing, and it is difficult to know all IP range used by a specific server
Correctly, blocking like you are doing is effectively impossible. There is always a simple workaround.
-
@IT-ADMIN said:
in the begining i though that app can be blocked by closing some ports numbers, but it seem that almost all of the apps use either 80 or 443, and if close one of these port it is like i closed everything !!!
Yes, normal businesses block all traffic on all ports and only allow 80 and 443 (web ports) via proxies. So any app that used another port would be assumed to be always broken, even in many homes. You need to proxy all traffic, not just some traffic, and you need a proxy that can terminate SSL for the end users are you are wasting your time because basically every site supports SSL today and if you can't filter SSL the proxy is pointless.
