I use IPCOP and URL filter to block unintentional access to undesirable or high-risk sites to reduce the risk of a ‘drive-by download’ attack, but have found that preventing access to sites using HTTPS with URL filter doesn’t work, so I needed an alternative solution that would work for a small number of sites.
Since even when using HTTPS the web browser needs to be able to look up the address of the web server it wants to connect to, the solution is to simply redirect DNS lookups for the domains I want to block somewhere else (in this case 127.0.0.1 seems to work quite well). Redirecting DNS lookups isn’t a perfect solution: it will prevent users accessing the affected domains using either HTTPS or HTTP, but they won’t be redirected to the ‘block page’ and nothing will appear in the URL filter logs. Also, you don’t want to go mad and block too many domains this way. If you think you need to, then you probably want to turn the problem on its head and block all HTTPS traffic except for a limited number of trusted sites, and there are other good reasons why you might want to do it this way as well.
IPCOP uses dnsmasq, so to block a domain all you need to do is add an additional ‘address’ entry to ‘/var/ipcop/dhcp/dnsmasq.local’ for every domain you want to block. The entries below have been culled from a number of web pages that included annoying or unwanted advertising.
# nano /var/ipcop/dhcp/dnsmasq.local
#
# Used for private dnsmasq (DHCP) options.
# After making modifications restart the DHCP server using the web interface
# or restartdhcp.
# Changes made will then propagate to the DHCP server.
#
# DNS Name Server
server=192.168.0.1
# Redirect the following domains to 'localhost' effectively
# blocking them (completely!)
address=/.amazon-adsystem.com/127.0.0.1
#address=/.ssl-images-amazon.com/127.0.0.1
address=/.skimresources.com/127.0.0.1
address=/.2o7.net/127.0.0.1
address=/.adbrite.com/127.0.0.1
address=/.addthis.com/127.0.0.1
address=/.admeld.com/127.0.0.1
address=/.adnxs.com/127.0.0.1
address=/.adzerk.net/127.0.0.1
address=/.bluekai.com/127.0.0.1
address=/.clickbank.net/127.0.0.1
address=/.criteo.com/127.0.0.1
address=/.crsspxl.com/127.0.0.1
address=/.crwdcntrl.net/127.0.0.1
address=/.disqus.com/127.0.0.1
address=/.doubleclick.com/127.0.0.1
address=/.doubleclick.net/127.0.0.1
address=/.effectivemeasure.net/127.0.0.1
address=/.esm1.net/127.0.0.1
address=/.estat.com/127.0.0.1
address=/.exelator.com/127.0.0.1
address=/.gigya.com/127.0.0.1
address=/.gravity.com/127.0.0.1
address=/.imrworldwide.com/127.0.0.1
address=/.kinja.com/127.0.0.1
address=/.linkbucks.com/127.0.0.1
address=/.liveadvert.com/127.0.0.1
address=/.livefreetimenews.com/127.0.0.1
address=/.mail-corp.com/127.0.0.1
address=/.mktoresp.com/127.0.0.1
address=/.ooyala.com/127.0.0.1
address=/.optimizely.com/127.0.0.1
address=/.outbrain.com/127.0.0.1
address=/.owneriq.com/127.0.0.1
address=/.paresly.com/127.0.0.1
address=/.quantserve.com/127.0.0.1
address=/.res-x.com/127.0.0.1
address=/.revsci.net/127.0.0.1
address=/.scorecardresearch.com/127.0.0.1
address=/.searchmarketing.com/127.0.0.1
address=/.shareaholic.com/127.0.0.1
address=/.sitemeter.com/127.0.0.1
address=/.statcounter.com/127.0.0.1
address=/.techcrunch.com/127.0.0.1
address=/.tklist.net/127.0.0.1
address=/.triggit.com/127.0.0.1
address=/.tynt.com/127.0.0.1
address=/.xiti.com/127.0.0.1
address=/.yieldmanager.com/127.0.0.1
address=/.po.st/127.0.0.1
address=/.zdbb.net/127.0.0.1
address=/.newrelic.com/127.0.0.1
address=/.stipple.com/127.0.0.1
address=/.invitemedia.com/127.0.0.1
address=/.rubiconproject.com/127.0.0.1
address=/.casalemedia.com/127.0.0.1
address=/.adsonar.com/127.0.0.1
address=/.serving-sys.com/127.0.0.1
address=/.vizu.com/127.0.0.1
address=/.serving-sys.com/127.0.0.1
address=/.gravity.com/127.0.0.1
address=/.mixpo.com/127.0.0.1
address=/.yadro.ru/127.0.0.1
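A hand-maintained list like this picks up repeats and typos over time, so here is an added example (not part of the original post or of IPCop) that audits the 'address' entries and reports which hostnames they would redirect. The function names `audit` and `sinkhole_for` are hypothetical, the sample text is constructed, and the code assumes dnsmasq treats the leading-dot form as covering the domain and all of its subdomains.

```python
import re

# Constructed sample in the dnsmasq.local format (a short excerpt, not the full list).
SAMPLE = """\
# DNS Name Server
server=192.168.0.1
address=/.doubleclick.net/127.0.0.1
#address=/.ssl-images-amazon.com/127.0.0.1
address=/.serving-sys.com/127.0.0.1
address=/.gravity.com/127.0.0.1
address=/.serving-sys.com/127.0.0.1
address=/.po.st/127.0.0.1
address=/bad entry/127.0.0.1
"""

# address=/<domain>/<IPv4>, with the optional leading dot used in the post.
ENTRY = re.compile(r"^address=/\.?([a-z0-9-]+(?:\.[a-z0-9-]+)+)/(\d{1,3}(?:\.\d{1,3}){3})$")

def audit(text):
    """Return (blocked, duplicates, malformed) for the active address= lines."""
    blocked, duplicates, malformed = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("address="):
            continue  # comments (including disabled entries) and other options
        m = ENTRY.match(line.lower())
        if not m:
            malformed.append((lineno, raw))
        elif m.group(1) in blocked:
            duplicates.append((lineno, m.group(1)))
        else:
            blocked[m.group(1)] = m.group(2)
    return blocked, duplicates, malformed

def sinkhole_for(hostname, blocked):
    """Address a lookup would be redirected to, or None if it is forwarded.

    Assumption: an entry covers the domain and every subdomain, matched on
    whole labels, so 'notdoubleclick.net' is not caught by 'doubleclick.net'.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in blocked:
            return blocked[suffix]
    return None

if __name__ == "__main__":
    blocked, dups, bad = audit(SAMPLE)
    print("active:", sorted(blocked), "duplicates:", dups, "malformed:", bad)
    for host in ("ad.doubleclick.net", "notdoubleclick.net", "ssl-images-amazon.com"):
        print(host, "->", sinkhole_for(host, blocked))
```

Running it against a copy of the real file before restarting the DHCP server shows repeated or mistyped entries and confirms that a commented-out domain is still resolved normally.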