How do I block https(SSL) websites?

By Mikey_Gore
Apr 21, 2013
Post New Reply
  1. I have been trying to block access to proxy sites without success. What I have done works on some but not all.

    I've used a program called Internet Lock to block the port 443, but still I can access the proxy site.

    I've put the name of the domain in the list of block sites, still it passes.

    I tried to find out the IP address of the website, but I can't find it. Don't know if that would even work anyway.

    One proxy site in particular seems to bypass all locks. https://unblockit.cc

    If anyone knows how to block such sites, without losing access to gmail, yahoo mail, hotmail, it would greatly be appreciated.

    Thanks

    Mike
  2. tracker1

    tracker1 Newcomer, in training

    I think www.hidemyass.com will also bypass your locks. You can check its IP address using ping or nslookup. You can also block its ip address using your host file.
  3. Mikey_Gore

    Mikey_Gore Newcomer, in training Topic Starter Posts: 27

    How do I check using nslookup, an example would be great. I had already done the ping in CMD, and it didn't work. The IP address for unblockit.cc is 216.55.183.105. If I type the IP address in, it says it is blocked, if I type the domain name of that IP address (https://unblockit.cc) it still accesses it.

    Hidemyass isn't an ssl website, and you can also render such sites useless, by putting proxy, proxies into the banned keywords list.

    Any help to block the above mentioned site is really welcome. So far nothing is working. It's making all the blocker sofware programs look really pathetic. For with just one website, it becomes utterly useless.
  4. tracker1

    tracker1 Newcomer, in training

    Code:
    nslookup unblockit.cc
    You don't need other softwares to block websites.
    1. open cmd.exe as admin
    2. notepad %systemroot%\System32\drivers\etc\hosts
    3. add the following:
    Code:
    127.0.0.1 unblockit.cc
    127.0.0.1 216.55.183.105
    127.0.0.1 anywebsiteyouwant_to_block_or_its_ip_address
    4. Restart windows
  5. jobeard

    jobeard TS Ambassador Posts: 13,010   +218

    While the HOSTS file will work for a few sites, the issue for things like hidemyass.com (aka anonymous proxies) is far more difficult.

    First, the HOSTS file maps a domain name into the localhost address 127.0.0.1 which rarely has a webserver running on it. That does not block access by ip-address, eg http://74.125.224.197/ (which is one of several google servers). For illustration, Google.com is available on these addresses:
    Code:
    C:\Users\Jeff>nslookup google.com
    Server:  dns-cac-lb-01.rr.com
    Address:  209.18.47.61
     
    Non-authoritative answer:
    Name:	google.com
    Addresses:  2001:4860:4007:800::100e
    		  74.125.224.197
    		  74.125.224.198
    		  74.125.224.199
    		  74.125.224.200
    		  74.125.224.201
    		  74.125.224.206
    		  74.125.224.192
    		  74.125.224.193
    		  74.125.224.194
    		  74.125.224.195
    		  74.125.224.196
    So, to block a given site you would need to block ALL of it's known server addresses. Your firewall might be useful to block 74.124.224.194-74.125.224.206 for all ports, but if you have multiple machines on your home LAN, then the block would need to be within the gateway router itself. Blocking all ports also inhibits access to gmail.

    Now multiply the number of anonymous proxies on the Internet by the number of ip addresses they own and it is obvious that this is an unworkable solution. Don't forget, new anonymous proxies could be created and/or new ip-addresses of existing ones and you will never be able to keep your block list under control.
  6. jobeard

    jobeard TS Ambassador Posts: 13,010   +218

    An alternative approach I have had some success with is a KEYWORD block in the router. On my Netgear router, the website title is scanned for any keyword listed and if found, access is denied. On this router, only a root word needs to be listed and all prefix/suffix variations are found.
  7. Mikey_Gore

    Mikey_Gore Newcomer, in training Topic Starter Posts: 27

    I tried the host file thing. For some reason it worked, but after a restart I just had access again for some stupid reason. I checked the host file, and nothing changed after the restart so it should have worked.

    I know what you said is true, but I have managed to block most of the other proxies with another internet blocking program. And for some reason I have succeeding in blocking most of them.

    The reason is I am trying to block access to unblockit.cc because someone I know is using this most often, and I don't think they are aware of many other proxy sites. Also as I said, most of the other proxy sites are inaccessible. Hidemyass.com for example didn't load on the machine.
  8. jobeard

    jobeard TS Ambassador Posts: 13,010   +218

    After adding an entry to drivers\etc\HOSTS

    you must do this to make it effective
    1. ipconfig /flushdns
    2. net stop "dns client"
    3. net start "dns client"
    all three must be performed using an ADMIN login
  9. Mikey_Gore

    Mikey_Gore Newcomer, in training Topic Starter Posts: 27

    Thanks for your advice.

    I have however found a software that does exactly what I want with great ease, and it is blocking all of the HTTPS websites out there.

    Here is what I have decided to use for your consideration:

    HT Employee Monitor. You can download it from download.com

    Cheers


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.