How do I block https(SSL) websites?

[Mikey_Gore]

I have been trying to block access to proxy sites without success. What I have done works on some but not all.

I've used a program called Internet Lock to block the port 443, but still I can access the proxy site.

I've put the name of the domain in the list of block sites, still it passes.

I tried to find out the IP address of the website, but I can't find it. Don't know if that would even work anyway.

One proxy site in particular seems to bypass all locks. https://unblockit.cc

If anyone knows how to block such sites, without losing access to gmail, yahoo mail, hotmail, it would greatly be appreciated.

Thanks

Mike

 

[tracker1]

I think www.hidemyass.com will also bypass your locks. You can check its IP address using ping or nslookup. You can also block its ip address using your host file.

 

[Mikey_Gore]

How do I check using nslookup, an example would be great. I had already done the ping in CMD, and it didn't work. The IP address for unblockit.cc is 216.55.183.105. If I type the IP address in, it says it is blocked, if I type the domain name of that IP address (https://unblockit.cc) it still accesses it.

Hidemyass isn't an ssl website, and you can also render such sites useless, by putting proxy, proxies into the banned keywords list.

Any help to block the above mentioned site is really welcome. So far nothing is working. It's making all the blocker sofware programs look really pathetic. For with just one website, it becomes utterly useless.

 

[tracker1]

nslookup unblockit.cc

You don't need other softwares to block websites.
1. open cmd.exe as admin
2. notepad %systemroot%\System32\drivers\etc\hosts
3. add the following:

127.0.0.1 unblockit.cc
127.0.0.1 216.55.183.105
127.0.0.1 anywebsiteyouwant_to_block_or_its_ip_address

4. Restart windows

 

[DelJo63]

While the HOSTS file will work for a few sites, the issue for things like hidemyass.com (aka anonymous proxies) is far more difficult.

First, the HOSTS file maps a domain name into the localhost address 127.0.0.1 which rarely has a webserver running on it. That does not block access by ip-address, eg http://74.125.224.197/ (which is one of several google servers). For illustration, Google.com is available on these addresses:

C:\Users\Jeff>nslookup google.com
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Non-authoritative answer:
Name:	google.com
Addresses:  2001:4860:4007:800::100e
		  74.125.224.197
		  74.125.224.198
		  74.125.224.199
		  74.125.224.200
		  74.125.224.201
		  74.125.224.206
		  74.125.224.192
		  74.125.224.193
		  74.125.224.194
		  74.125.224.195
		  74.125.224.196

So, to block a given site you would need to block ALL of it's known server addresses. Your firewall might be useful to block 74.124.224.194-74.125.224.206 for all ports, but if you have multiple machines on your home LAN, then the block would need to be within the gateway router itself. Blocking all ports also inhibits access to gmail.

Now multiply the number of anonymous proxies on the Internet by the number of ip addresses they own and it is obvious that this is an unworkable solution. Don't forget, new anonymous proxies could be created and/or new ip-addresses of existing ones and you will never be able to keep your block list under control.

 

[DelJo63]

An alternative approach I have had some success with is a KEYWORD block in the router. On my Netgear router, the website title is scanned for any keyword listed and if found, access is denied. On this router, only a root word needs to be listed and all prefix/suffix variations are found.

 

[Mikey_Gore]

I tried the host file thing. For some reason it worked, but after a restart I just had access again for some stupid reason. I checked the host file, and nothing changed after the restart so it should have worked.

I know what you said is true, but I have managed to block most of the other proxies with another internet blocking program. And for some reason I have succeeding in blocking most of them.

The reason is I am trying to block access to unblockit.cc because someone I know is using this most often, and I don't think they are aware of many other proxy sites. Also as I said, most of the other proxy sites are inaccessible. Hidemyass.com for example didn't load on the machine.

 

[DelJo63]

After adding an entry to drivers\etc\HOSTS

you must do this to make it effective

1. ipconfig /flushdns
2. net stop "dns client"
3. net start "dns client"

all three must be performed using an ADMIN login

 

[Mikey_Gore]

Thanks for your advice.

I have however found a software that does exactly what I want with great ease, and it is blocking all of the HTTPS websites out there.

Here is what I have decided to use for your consideration:

HT Employee Monitor. You can download it from download.com

Cheers