CCT wrote:

Well actually it's students who have been youtubing.....They are aware they are not supposed to be on facebook

The IP filter examples on the FAQ should help but facebook etc. probably have quite a few IP ranges you need to include.

but on your above comment, withdraw their Internet access to remind them about rules... Routers are great, but IMHO need to be in tandem with an AUP and penalties for breaches...otherwise there's no incentive for them to not find ways around the security...

paulj48 wrote: Do you run an internal DNS ? if so you could create a zone for facebook.com and point it to a different I.P address.

Not if they are using HTTPS as the URL is obfuscated; if it's regular clear HTTP you also need to block external DNS access to stop bypassing. If its your own PCs and they're locked down, you can also use bogus entries in the HOSTS files.

admin wrote:
Not if they are using HTTPS as the URL is obfuscated;

If thats the case how are domain names using https resolved then as I'm curious now.

I run my own DNS as part of a win2003 active directory with a DNS forwarder to Open DNS for Non-authoritive resolves, if the URL is 'obfuscated' how does Open DNS resolve the name?

Actually, yes, you're right, sorry. The URL in the DNS resolution is not obfuscated, only the request to the remote web server.