+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Mac Thread, Blocking the facebook app on ipads in Technical; Has anyone tried this? we have a Bloxx box, quite happily blocking facebook through safari, I.E etc. Princiaplly as those ...
  1. #1
    ittech's Avatar
    Join Date
    Sep 2011
    Location
    Clevedon
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Blocking the facebook app on ipads

    Has anyone tried this?

    we have a Bloxx box, quite happily blocking facebook through safari, I.E etc. Princiaplly as those programmes access facebook through URL.
    The ipad app however uses a whole range of destination I.Ps to access, rather than URL.

    I have set up static routes, which work in part by preventing the login part of the facebook app from working.

    However, sometimes it will allow you to log in. and once logged in, that's it, full facebook access.

    we are not using MDM, as the students all own their ipads, and we are unable to implement MDM for this reason



    any ideas?

  2. #2
    Carter's Avatar
    Join Date
    Sep 2010
    Location
    Canada
    Posts
    264
    Thank Post
    10
    Thanked 64 Times in 41 Posts
    Rep Power
    18
    If I was doing it on any desktops or laptops I would just adjusting /etc/hosts so that facebook.com would go 10 localhost/172.0.0.1 which would just have the page not load. easier and faster than an application doing this on a computer. If there is a similar file on iOS I would adjust this.

  3. #3

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,855
    Thank Post
    1,162
    Thanked 1,028 Times in 729 Posts
    Rep Power
    323
    @ittech:

    Can you not setup a group policy for student users which blocks access using IP's?, you can on Smoothwall!

    This would do the trick

  4. #4
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    842
    Thank Post
    76
    Thanked 225 Times in 185 Posts
    Rep Power
    80
    If I was doing it on any desktops or laptops I would just adjusting /etc/hosts so that facebook.com would go 10 localhost/172.0.0.1 which would just have the page not load. easier and faster than an application doing this on a computer. If there is a similar file on iOS I would adjust this.
    Only doable if you jailbreak the device. Not a usable solution I'm afraid. The IPs should just tie down to facebook's CDN (s-platform.ak.fbcdn.net), the akamai CDN (fbcdn-photos-a.akamaihd.net), and pct.channel.facebook.com / m.c10r.facebook.com (or similar). Bloxx should be able to reverseDNS the IPs so that if you blacklist the domains *.facebook.com & *.fbcdn.net that'll stop it. If it's not doing, I'd be tempted to contact Bloxx for a solution.

  5. #5

    Join Date
    Aug 2012
    Location
    Michigan
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We have a web content filter that blocks anything at facebook.com(which includes the app). The only way they would be able to get around it would be to not use our network or to use a VPN service.

    -
    Patrick

  6. #6

    Join Date
    Dec 2009
    Posts
    913
    Thank Post
    96
    Thanked 184 Times in 159 Posts
    Rep Power
    53
    It will be nice when content filters are doing layer 7 app management I know it's on the road map for bloxx, Smoothwall and light speed

  7. #7

    Join Date
    Aug 2012
    Location
    Michigan
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Meraki has some nice solutions for layer-7.

  8. #8

    Join Date
    Dec 2009
    Posts
    913
    Thank Post
    96
    Thanked 184 Times in 159 Posts
    Rep Power
    53
    Quote Originally Posted by pmurphs View Post
    Meraki has some nice solutions for layer-7.
    We are going to be trialling a sonicwall UTM which also has layer 7 on it. Will be interesting to see how it goes

  9. #9

    Join Date
    Aug 2012
    Location
    Michigan
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by RTFM View Post
    We are going to be trialling a sonicwall UTM which also has layer 7 on it. Will be interesting to see how it goes
    With Meraki is all cloud managed to the annual fees are kinda high. Are there any with the sonicwall UTM? If so about how much would you say?

  10. #10

    Join Date
    Dec 2009
    Posts
    913
    Thank Post
    96
    Thanked 184 Times in 159 Posts
    Rep Power
    53
    Quote Originally Posted by pmurphs View Post
    With Meraki is all cloud managed to the annual fees are kinda high. Are there any with the sonicwall UTM? If so about how much would you say?
    There are annual / license fee's with all the options I believe.

    Don't have the sonic wall price in front of me will dig them out though tomorrow

  11. #11
    ittech's Avatar
    Join Date
    Sep 2011
    Location
    Clevedon
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Not really an option as these are ipads, so group policy doesn't apply.


    Quote Originally Posted by bossman View Post
    @ittech:

    Can you not setup a group policy for student users which blocks access using IP's?, you can on Smoothwall!

    This would do the trick

  12. #12
    kirchie's Avatar
    Join Date
    Jul 2012
    Location
    Oxfordshire
    Posts
    83
    Thank Post
    16
    Thanked 5 Times in 5 Posts
    Rep Power
    4
    Call Bloxx Technical Support. I can't rate the guys highly enough for being so damn helpful and supportive.

  13. #13
    januttall's Avatar
    Join Date
    Sep 2010
    Posts
    225
    Thank Post
    17
    Thanked 28 Times in 28 Posts
    Blog Entries
    1
    Rep Power
    13
    Quote Originally Posted by ittech View Post
    Has anyone tried this?

    we have a Bloxx box, quite happily blocking facebook through safari, I.E etc. Princiaplly as those programmes access facebook through URL.
    The ipad app however uses a whole range of destination I.Ps to access, rather than URL.

    I have set up static routes, which work in part by preventing the login part of the facebook app from working.

    However, sometimes it will allow you to log in. and once logged in, that's it, full facebook access.

    we are not using MDM, as the students all own their ipads, and we are unable to implement MDM for this reason



    any ideas?
    Do you have the range of IP's and if you did you could put a proxy in squid with dansguardian for example and block the addresses, ive been after the IP's or other host-names of Facebook for a while for the same reason i managed to stop some bits but not the majority, but if i had the other addresses i could block it out.

  14. #14
    ittech's Avatar
    Join Date
    Sep 2011
    Location
    Clevedon
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I managed to find a complete list of addresses in the end, but the only way we've found so far to block apps effectively is to make our DNS servers authoritative for the domains that the apps are trying to reach. but it's a nigh on impossible task trying to keep up with the apps that are popping up. the number of proxy bypass applicatuions available on the itunes store is ridiculous and clearly it's unfeasible to find destination addresses for every app, block and then whitelist accordingly.
    MDM isn't an option either as cost is too high, around 30 per user per annum for an MDM solution that allows us to control app access whilst students are on site. The meraki solution looks OK, but still does not allow control over what apps can be used and which cannot. The ideal solution would be app whitelisiting and blacklisting on say a bloxx box or smoothy. (or equivalent piece of hardware) is anyone aware of anything? Our Bloxx renewal is due this summer and we could really do with something that allows greater control over in app, internet access.

  15. #15

    Join Date
    Dec 2009
    Posts
    913
    Thank Post
    96
    Thanked 184 Times in 159 Posts
    Rep Power
    53
    Quote Originally Posted by ittech View Post
    I managed to find a complete list of addresses in the end, but the only way we've found so far to block apps effectively is to make our DNS servers authoritative for the domains that the apps are trying to reach. but it's a nigh on impossible task trying to keep up with the apps that are popping up. the number of proxy bypass applicatuions available on the itunes store is ridiculous and clearly it's unfeasible to find destination addresses for every app, block and then whitelist accordingly.
    MDM isn't an option either as cost is too high, around 30 per user per annum for an MDM solution that allows us to control app access whilst students are on site. The meraki solution looks OK, but still does not allow control over what apps can be used and which cannot. The ideal solution would be app whitelisiting and blacklisting on say a bloxx box or smoothy. (or equivalent piece of hardware) is anyone aware of anything? Our Bloxx renewal is due this summer and we could really do with something that allows greater control over in app, internet access.
    If you have something fully inline between your firewall / router and switches then the traffic will pass through it and will be filtered (the app is still accessing a URL or ten, which you can then see through logs and recategorise / block / allow if necessary). If you forward proxy you'll miss stuff.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Moodle apps on iPad
    By taff in forum Netbooks, PDA and Phones
    Replies: 2
    Last Post: 18th November 2011, 02:30 PM
  2. Moodle apps on iPad
    By taff in forum Mac
    Replies: 1
    Last Post: 18th November 2011, 02:08 PM
  3. How can I enable url rewrite/clean url for PHP apps on the EMBC Webserver
    By camel in forum East Midlands Broadband Consortium (EMBC)
    Replies: 3
    Last Post: 15th November 2010, 04:53 PM
  4. Blocking the use of Spell check on a document?
    By Rydra in forum Office Software
    Replies: 1
    Last Post: 27th May 2010, 03:14 PM
  5. Facebook - is it blocked and are you on it?
    By gwendes in forum General Chat
    Replies: 49
    Last Post: 16th October 2007, 08:44 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •