Monthly Archives: August 2014

How to block Facebook videos on a network without blocking facebook.com?

Completely blocking facebook.com is cruel to users. You might want to block only Facebook videos or photos without blocking the entire site.

According to our test, Facebook now hosts all its photos and videos on “akamaihd.net”. If you block “*.akamaihd.net” with WFilter’s “https black list”, you can still access Facebook, but no photo or video will show up. Your Facebook becomes a simple text site.

Tests also show that all photos are hosted on domains named “fbcdn-sphotos-*.akamaihd.net”. To block Facebook photos only, you can block the TLS sites “fbcdn-sphotos-*.akamaihd.net”.

Facebook local videos are hosted on “fbcdn-video-*.akamaihd.net”. To block Facebook videos only, you need to add “fbcdn-video-*.akamaihd.net” to the “website black list” of WFilter. The figure below shows a video being blocked.

WFilter 4.1 added a “monitoring by MAC address” solution for multiple-segment networks.

1. What is “by mac address monitoring mode”?

WFilter supports both “by ip address monitoring mode” and “by mac address monitoring mode”.

In “by mac address mode”, WFilter identifies a client device by its physical MAC address. Even if the IP address of the device changes (either by DHCP or by hand), WFilter can still identify it correctly. So this monitoring mode is useful in DHCP networks.

I recommend choosing the monitoring mode as follows:

  1. If IP addresses are static (or can be static), “by ip address” monitoring mode is recommended.
  2. If IP addresses are dynamic, “by mac address monitoring mode” is recommended for single-segment networks.

2. The “by mac address” solution for multiple-segment networks

In a multiple-segment network, the core switch (gateway) hides the real MAC addresses of client devices, so the MAC address monitoring mode does not work.

WFilter Enterprise 4.1 includes a program named “MAC Address Collector”. This program can detect and gather the MAC addresses of client devices via SNMP or ARP.

With “MAC Address Collector”, you can monitor by MAC address even in a multiple-segment network.

More details and guide documents can be found at: Monitoring by mac addresses solutions

How to block HTTPS websites on a network with WFilter Free?

Unlike HTTP, HTTPS connections are protected by SSL. To filter HTTPS websites, the web filter must be able to parse SSL handshake packets.

Both the enterprise and free editions of WFilter support blocking of HTTPS domains.

In this post, I will show you how to block HTTPS sites with WFilter Free.

1. Enable Websites Black List

As in the figure, enable a website black list, and check “enable for https websites”. Both HTTP and HTTPS websites in the black list will be blocked.

2. Sites being blocked

When an HTTP site is blocked, a denial page appears.

When an HTTPS site is blocked, WFilter simply kills the HTTPS connection, because it is impossible to inject a denial page into an SSL connection.

For more details, please check: WFilter Free – Free web filter software for network