How to disable https for one user and all browsers?

J

John Musbach

Registered
Hello, I am installing parental controls for someone and as good as they are I have come to realize that they cannot filter https traffic and as a result any measures set by the parental controls can be easily circumvented should a website support the https protocol. How can I deny the users attempt to utilize https traffic no matter what browser he/she uses? I realize that this could be done via a ipfw rule but that rule 1) would disappear each reboot (I have tried before adding rules via the Terminal and while it works, those custom rules seem to be removed each time the computer is rebooted. The only rules that stick are those that are added via the Firewall preferences and that area does not allow one to select ports to deny, hmm...) and 2) would apply for all users, I would like something that sticks across reboots and only applies to this one user. Thanks!

--
Best Regards,

John Musbach
 
I discovered a solution, I used this script: http://www.ibiblio.org/macsupport/ipfw/firewall_1 from http://www.ibiblio.org/macsupport/ipfw/ . I set it up as a LoginHook adding a conditional at the beginning of the script that checked the $1 variable to make sure it only ran on the desired user ($1 returns the short name of the user logging in). I removed all the custom rules in the script and added the following which blocks any outgoing https requests:

/sbin/ipfw -f add drop tcp from any to any src-port 443

Problem solved :)

--
Best Regards,

John Musbach
 
The only problem you will have now is when they bounce traffic off a proxy, which is really easy.
 
You must log in or register to reply here.
Back
Top