https traffic block

This script is for blocking https traffic in the software router it self, I am using squid and it is not capable for  blocking HTTPS traffics, because 1 , the url is encrypted. 2, The routing table is only for handing traffic over port 80.

This script have two input file, it will create automatically in the first run. It have capability for local IP based restriction

Editable area in the script :

DIST=192.168.1.6            #IP where the request has to forward
DPORT=81                    #Port where the request has to forward
BLOCKPORTS=443              #Outgoing + incomming Port 
RULE=forward                #Possible options reject,drop,forward

If you have any web-page for giving a message to the user regarding the block, set it here

Enter the domain and local IP separately in the file, examples are shown below Download here

[anand@planetcure ~]$ sh https_block.sh --help
This script is for block https outbound traffic using source based requests
 -s or --silent Silent execution
 ssl_domains  File for enter SSL domain names
 ip_users     File for enter localip list

You must have to enable forwarding and execute it from root.

First run :

[root@planetcure]# sh https_block.sh 
Parent dir not found, Creating entire structure 
/opt/installer/scripts
|-- ip_users
`-- ssl_domains

0 directories, 2 files
[INFO]:We found empty input file. exiting..

Input Files :

[root@planetcure]# ls /opt/installer/scripts/
ip_users  ssl_domains

File input one by one :

[root@planetcure scripts]# cat ip_users
192.168.1.100
192.168.1.245
[root@planetcure scripts]# cat ssl_domains
www.enlook.wordpress.com
facebook.com
www.facebook.com

Output:

[root@planetcure]# sh https_block.sh 
Validating file structure
checking ssl_domains Ok.
checking ip_users Ok.
/opt/installer/scripts
|-- ip_users
`-- ssl_domains

0 directories, 2 files

 Executing source Ip 192.168.1.100 

76.74.254.123 blocked for the domain www.enlook.wordpress.com
192.0.80.250 blocked for the domain www.enlook.wordpress.com
192.0.81.250 blocked for the domain www.enlook.wordpress.com
66.155.9.238 blocked for the domain www.enlook.wordpress.com
66.155.11.238 blocked for the domain www.enlook.wordpress.com
76.74.254.120 blocked for the domain www.enlook.wordpress.com
173.252.110.27 blocked for the domain facebook.com
31.13.79.128 blocked for the domain www.facebook.com

 Executing source Ip 192.168.1.245 

76.74.254.120 blocked for the domain www.enlook.wordpress.com
76.74.254.123 blocked for the domain www.enlook.wordpress.com
192.0.80.250 blocked for the domain www.enlook.wordpress.com
192.0.81.250 blocked for the domain www.enlook.wordpress.com
66.155.9.238 blocked for the domain www.enlook.wordpress.com
66.155.11.238 blocked for the domain www.enlook.wordpress.com
173.252.110.27 blocked for the domain facebook.com
31.13.79.128 blocked for the domain www.facebook.com

Now set this as crone like below

*/05 * * * * /bin/sh /root/https_block.sh -s

If you run again the script it will show the current status of the blocked domain

[root@localhost bash]# sh https_block.sh 
Validating file structure
checking ssl_domains Ok.
checking ip_users Ok.
/opt/installer/scripts
|-- ip_users
`-- ssl_domains

0 directories, 2 files

 Executing source Ip 192.168.1.100 

Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.100        76.74.254.123       tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.100        192.0.80.250        tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.100        192.0.81.250        tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.100        66.155.9.238        tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.100        66.155.11.238       tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.100        76.74.254.120       tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:facebook.com      DNAT       tcp  --  192.168.1.100        173.252.110.27      tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
31.13.79.144 blocked for the domain www.facebook.com

 Executing source Ip 192.168.1.245 

Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.245        76.74.254.120       tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.245        76.74.254.123       tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.245        192.0.80.250        tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.245        192.0.81.250        tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.245        66.155.9.238        tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:www.enlook.wordpress.com      DNAT       tcp  --  192.168.1.245        66.155.11.238       tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
Domain:facebook.com      DNAT       tcp  --  192.168.1.245        173.252.110.27      tcp dpt:443 tcp dpt:443 to:192.168.1.6:81 
31.13.79.144 blocked for the domain www.facebook.com

Now you have control in the network traffic usage.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s