Possibilty of blocking URL?

edanpedragosa · May 15, 2023, 5:23am

Is there a way to block e.g.:

without blocking the whole sites.google.com?

atw · May 15, 2023, 9:39pm

Hi @edanpedragosa this cannot be done via a firewall. It requires a proxy or endpoint solution. This is because a firewall does not have visibility into the content of a domain that is being visited, only the address.
The path part after the domain name is part of the content.

Victor · May 15, 2023, 9:51pm

It could be done with Plucky:ADAM.

Only on windows, Mac and Linux though. And it needs to be installed on each device.

Douglas_C · May 16, 2023, 2:02am

As they mentioned, blocking only a specific subdirectory within the sites.google.com domain without blocking all of sites.google.com, achieving this at the network level without using a proxy or reverse proxy can be challenging. Network-level blocking typically operates at the domain or IP level rather than at the subdirectory level.

In your case, blocking a specific subdirectory like “sites.google.com/sites/NAME,” which is hosted within the sites.google.com domain, a network-level solution might not be feasible with pfSense and adam alone.You’ll need a more advanced network infrastructure or additional tools beyond the capabilities of pfSense and adam.

I believe you’re going to require SSL interception to do this properly, which would involve a proxy/reverse proxy.

P.S.
I feel bad for you man, kids are creative…

Douglas_C · May 16, 2023, 2:02am

how do you get access to this?

Victor · May 16, 2023, 2:44am

It’s only available for MSS+ I believe.

It’s basically a modified version of this.
https://www.pluckyfilter.com/

It’s a complex setup. Needs lots of reading the docs.

edanpedragosa · May 16, 2023, 10:27am

Yes, for now I set all student devices on Zero Trust policy.

To avoid doing the whack-a-mole game again, I also blocked sites.google.com and github.io too as it has a lot of domains offering unwanted non essential contents.

Kids are really techie nowadays and we should be at least one step ahead of them.

atw · May 16, 2023, 12:48pm

Yes, for MSS+ we include a version of https://www.pluckeye.net which is an endpoint solution as I mentioned in my first post. But anyone can use it directly from their web site.
There are a lot of endpoint solutions out there. To enforce them you do need some kind of enterprise device management system as well.

Douglas_C · May 16, 2023, 9:00pm

I’m familiar with their product. I was just interested in this version, which I read about elsewhere on this forum. Can’t afford the MSS subscription for just me haha. As far as “enterprise device management system,” if you’re talking about an MDM, I do have Intune. Maybe this will be available when the new pricing model comes out? Anyway, thanks @atw and @Victor

adam_frans · May 18, 2023, 4:28pm

Hi, D.
You can find out more about the Plucky|ADAM version here:
adamnet.io/plucky

This is a collaboration that we do with Plucky specifically for content protection of mixed content domains as mentioned above. And yes, currently it is only available in the MSS+ bundle.