How to disable https for one user and all browsers?
John Musbach
johnmusbach1 at gmail.com
Sat Jan 5 13:56:56 PST 2008
On Jan 5, 2008 9:26 AM, John Musbach <johnmusbach1 at gmail.com> wrote:
> Hello, I am installing parental controls for someone and as good as
> they are I have come to realize that they cannot filter https traffic
> and as a result any measures set by the parental controls can be
> easily circumvented should a website support the https protocol. How
> can I deny the users attempt to utilize https traffic no matter what
> browser he/she uses? I realize that this could be done via a ipfw rule
> but that rule 1) would disappear each reboot (I have tried before
> adding rules via the Terminal and while it works, those custom rules
> seem to be removed each time the computer is rebooted. The only rules
> that stick are those that are added via the Firewall preferences and
> that area does not allow one to select ports to deny, hmm...) and 2)
> would apply for all users, I would like something that sticks across
> reboots and only applies to this one user. Thanks!
I discovered a solution, I used this script:
http://www.ibiblio.org/macsupport/ipfw/firewall_1 from
http://www.ibiblio.org/macsupport/ipfw/ . I set it up as a LoginHook
adding a conditional at the beginning of the script that checked the
$1 variable to make sure it only ran on the desired user ($1 returns
the short name of the user logging in). I removed all the custom rules
in the script and added the following which blocks any outgoing https
requests:
/sbin/ipfw -f add drop tcp from any to any src-port 443
Problem solved :)
--
Best Regards,
John Musbach
More information about the MacOSX-talk
mailing list