How to block specific HTTPS traffic?

Solution 1:

Although the example you cite in your question is trivial to achieve with a proxy because the URLs are not encrypted, and therefore easy to add to a blacklist, it IS possible to inspect HTTPS traffic going through a proxy.

Enterprise deployments usually achieve this by deploying an internally trusted certificate to all of their installed end-user machines. Connections to the proxy server are done via this certificate (whether the users realise it or not), where the proxy software can decrypt the payload, inspect it and decide on its validity. The onward connection to the end site is done with "real" certs.

This is a bit of a sad state of affairs really, as it breaks the trusted model of SSL and TLS - but I know for a fact it's done - as it happens where I work.

Solution 2:

HTTPS site blocking with an inline intrusion prevention system (IPS) like Snort and Suricata is dead simple.

Both of the above IPSs can use the same signatures.

Here are some IPS rules for blocking by domain, port, IP address and file extension:

http://kb.simplewallsoftware.com/help-faq/answers/useful-suricata-rules/
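As an added example (these rules are not from the answer above or from the linked page), here is what the domain, IP-address and port blocks look like in Suricata 5+ rule syntax. It assumes Suricata runs inline (IPS mode) so that `drop` actually takes effect; the hostname, address and SIDs are constructed placeholders.

```suricata
# Constructed example rules, not from the linked page.
# Assumes Suricata 5+ inline (IPS) mode; in IDS mode "drop" only alerts.

# Domain block: the TLS ClientHello carries the requested hostname (SNI)
# in cleartext, so the site can be matched without decrypting anything.
# "endswith" also catches subdomains such as www.example.com.
drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"BLOCK HTTPS to example.com by SNI"; flow:established,to_server; tls.sni; content:"example.com"; nocase; endswith; classtype:policy-violation; sid:9000001; rev:1;)

# Fallback for clients that omit SNI: match the subject of the certificate
# the server sends back, which is also visible before encryption starts.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"BLOCK HTTPS from example.com by cert subject"; flow:established,to_client; tls.cert_subject; content:"CN=example.com"; nocase; classtype:policy-violation; sid:9000002; rev:1;)

# IP address block (203.0.113.10 is a documentation-range placeholder).
drop ip $HOME_NET any -> 203.0.113.10 any (msg:"BLOCK traffic to 203.0.113.10"; classtype:policy-violation; sid:9000003; rev:1;)

# Port block: drop any TLS session to a non-standard port such as 8443.
drop tls $HOME_NET any -> $EXTERNAL_NET 8443 (msg:"BLOCK TLS on port 8443"; flow:to_server; classtype:policy-violation; sid:9000004; rev:1;)
```

Matching on a file extension inside an HTTPS request (e.g. `http.uri; content:".exe"; endswith;`) only works on decrypted HTTP, which is exactly the proxy-with-internal-CA setup Solution 1 describes; on plain TLS the IPS sees only the SNI, the certificate and the address/port.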