How To Block Facebook App From Router
- Home
- Security
- Web Content Filtering
Using OpenDNS, we have successfully blocked Facebook trough Browsers on our school network and wireless network (laptops using wireless network). We are using Unifi AP's for our wireless network. We thought we had the Facebook Monster defeated.... that's where we are wrong.
The teachers and faculty have recently been expanding their "wireless inventory" with iPads and Nooks and of course, the faculty and students always have their mobile devices on hand. Using these devices, the students can successfully use the Facebook Mobile App on our Guest Wireless Network, despite our coordinated best efforts to stop this.
My question is this: Has anyone successfully blocked the use of the Facebook Mobile App on their wireless network (not through browsers. the actual app)? If so, how?
Thanks.
The help desk software for IT. Free.
Track users' IT needs, easily, and with only the features you need.
14 Replies
Haven't personally used OpenDNS but could you not add following to OpenDNS to block complete access to facebook:
*facebook.com
*blog.facebook.com
*apps.facebook.com
*login.facebook.com
*m.facebook.com
*mobile.facebook.com
*touch.facebook.com
*0.facebook.com
OR
Block IP addresses used by facebook: (Not sure how correct these IP addresses are)
Following IP address ranges are known to be used by Facebook:
66.220.144.0 - 66.220.159.255
69.63.176.0 - 69.63.191.255
69.171.224.0 - 69.171.255.255
204.15.20.0 - 204.15.23.255
Additional IP ranges which may be assigned to Facebook Inc. (Optional)
65.201.208.24/29
65.204.104.128/28
66.92.180.48/28
66.93.78.176/29
66.199.37.136/29
67.200.105.48/30
74.119.76.0/22
173.252.64.0/18
We have done all of that. We've blocked all known web addresses and IP addresses... and there are a whole lot of them. Like I mentioned before, this successfully kills access to Facebook through any web browser.
However, the Facebook Mobile App seems unaffected whatsoever by any and all efforts. It would almost appear as if Facebook is doing this intentionally.... and it's making life for my whole department a living hades. There is more pressure being put on us each and every day this isn't solved, considering the exponentially growing number of mobile devices and tablets on campus.
Here's one article, but it specifically speaks to only FB, not the mobile app.
http:/
Are you positive that they are doing it via your network and not via hot spots or their provider?
Is there a wireless guest network that does not require access control that isn't tied to your DNS?
Here is also an article on bypassing the proxy:
http:/
You could try to learn something from this link. I can't get to it from work because our work blocks articles on proxy avoidance: www.wikihow.com/
I assure you there are no rogue access points passing any traffic. We have the wireless locked down tighter than Fort Knox. Bringing personal wireless routers on campus is against board policy and we can detect and rogue AP's using our Unifi controller to pick them up, and then going on campus and confiscating them.
I have seen it on several occasions. I am able to reproduce the same results on my iPhone with the Facebook App connected to our guest network.At one point in time, we did have the app blocked. However, it would be wide open the next day or so, almost as if Facebook was constantly circumventing any way to block the use of their app.
idcloak, as well as any other available proxy services are blocked through OpenDNS. All those websites listed on that last link are currently blocked. I just checked them.
It is indeed the App itself that is circumventing our security measures somehow. Through any web browser, Facebook is blocked. However, jump on the Facebook Mobile App on our guest network and it is wide open.
Anybody know if there is a mobile version of Wireshark?
Google App Store has Shark for Root. I haven't tried it though.
I would verify that traffic is really using the Wi-Fi and not cell network. By disabling the cell card.
The you should be able to wire shark the traffic coming out of the ap or controller ( if the ap can't capture directly ) find the Mac or IP of your device to filter the traffic. You can then find the IP of who they are using to get past your filter. Maybe even get the DNS names they are using.
I'd also suggest you block their CDN, the domains: fbcdn.com + fbcdn.net
The bottom post of this thread also has another idea on IP blocking...
http://forums.opendns.com/comments.php?DiscussionID=15777
Is it possible the facebook app knows it's blocked on the WiFi, so it goes out on the devices 3G or cellular connection instead? ...nothing you're going to be able to do about that (Except maybe install cell phone jammers, which have been ruled illegal in certain areas because it can prevent people from calling 911 in an emergency, so maybe, bad idea)
I have the cellular network disabled on my test device and it has still been able to bypass our security measures on the Guest Wifi. The only functioning DNS on our network is our own. We have had several people complain about not being able to access the internet but still getting on the network... most often the problem is someone or some program has changed the DNS and it broke their connection.
We found a few more IP address ranges to block yesterday and added them to our already massive "Facebook Block List." This was successful in blocking the Friend Request and Messenger features of the Facebook Mobile App, but the Notifications and and News Feed portions are still working!?!..... I can only assume our problem is that Facebook just keeps expanding its available IP ranges to circumvent any blocks... or maybe its just a coincidence.
I have helped organizations and their users to minimize the damage. Utilizing Bluecoat, you can keep your users to a read only status. Hope this helps!
We've since moved to Xirrus wireless and utilizing iBoss for our filtering, and between the two we are able to block the Facebook mobile app..... but it is rather futile as student's can just swap over to their cellular data.
On the positive side, at least it cuts down on needless bandwidth utilization.
Same problem here, what rules should I add in the firewall to block this app?
Hi skillet_man, can you please post the IP ranges here?
I am trying to block the facebook app on my company router.
This topic has been locked by an administrator and is no longer open for commenting.
To continue this discussion, please ask a new question.
How To Block Facebook App From Router
Source: https://community.spiceworks.com/topic/417078-block-mobile-facebook-app-on-school-wireless-network
Posted by: mooreadezvot.blogspot.com
0 Response to "How To Block Facebook App From Router"
Post a Comment