blocking http and https requests

Discussion in 'Tomato Firmware' started by mikester, Apr 5, 2011.

  1. mikester

    mikester Network Guru Member

    I've just noticed that apps can bypass the http request blocking on tomato by using https instead...I've noted several iTunes spam apps bypassing the firewall this way.

    Does anyone have any suggestions on how to block these via the gui instead of using iptables?
  2. TexasFlood

    TexasFlood Network Guru Member

    How are you blocking http requests? Are you using access restrictions with a layer 7 http block? If so, adding a rule to block ssl, or just specifically blocking port 443 might do the trick. Although if you redefine the port like I've done in one case, blocking 443 won't help, but I just tried the layer 7 rule and it did catch it.
  3. mikester

    mikester Network Guru Member

    I'm using access restrictions. Are you saying to add a new rule or to select the layer 7 option to block ssl as well as the http request?

    Here's my example:
    I want to block the site "" so I add a new rule "tapjoy" with listed under http request. Now are you saying to add layer 7 ssl as well?

    Ive just tried this and is still accessible.

    I also tried block outgoing port requests to 443 but it doesnt make a difference.
  4. TexasFlood

    TexasFlood Network Guru Member

    OK, sorry, I was barking up the wrong tree there, :) , I see what you're doing. I just tried the same website that I have the alternate ssl port on, added "" (name changed but only slightly) to the "HTTP Request" section and on my router it blocked both http and https access. I guess my next question is what build are you using & might it have a bug? The build I'm running right now and did the test with is "Tomato Firmware v1.28.7459 MIPSR2-Toastman K26 USB VPN". And I have to ask the obligatory question did you do an NVRAM reset when you first loaded the build, not counting minor upgrades of the same build.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice