Block Dropbox: A Practical Guide

TL;DR

This guide shows you how to block Dropbox usage on your network and devices using firewalls, web filters, and device management tools. It covers methods for both home/small office setups and larger organisations.

1. Understand Your Blocking Options

There are several ways to block Dropbox. The best approach depends on what you want to achieve (e.g., prevent uploads only, complete access blocking) and your technical resources:

• Firewall: Blocks network traffic to/from Dropbox servers. Effective but can be bypassed with VPNs or proxies.
• Web Filter: Blocks access to Dropbox website and related URLs. Easier to manage than firewalls for simple blocking.
• Device Management (MDM): Prevents installation of the Dropbox app on managed devices. Best for company-owned devices.

2. Blocking with a Firewall

This method blocks communication at the network level.

1. Identify Dropbox IP Addresses and Domains: These change, so you’ll need to keep them updated. Check official Dropbox documentation or use online resources (e.g., Dropbox IP Ranges).
2. Configure Your Firewall: Add rules to block outbound traffic to these IPs and domains on ports 443 (HTTPS) and potentially 80 (HTTP). The exact steps depend on your firewall (e.g., pfSense, Cisco ASA, Windows Firewall).

   # Example using iptables (Linux):

   iptables -A OUTPUT -d dropbox.com -j DROP

   iptables -A OUTPUT -d 167.83.255.0/24 -j DROP # Example IP range (check current ranges)

3. Test the Block: Try accessing Dropbox from a device on your network.

3. Blocking with a Web Filter

Web filters block access to websites based on URL categories or specific URLs.

1. Choose a Web Filter: Options include dedicated hardware appliances, cloud-based services (e.g., Cisco Umbrella, OpenDNS), and software solutions.
2. Create Blocking Rules: Add rules to block the following:
   • dropbox.com
   • *.dropbox.com (blocks all subdomains)
   • Any related URLs identified during testing.
3. Test the Block: Try accessing Dropbox from a device on your network.

4. Blocking with Device Management (MDM)

This is suitable for company-owned devices.

1. Choose an MDM Solution: Examples include Microsoft Intune, Jamf Pro, VMware Workspace ONE.
2. Create App Policies: Configure policies to prevent the installation of the Dropbox app on enrolled devices. Some MDMs allow blocking specific apps by their bundle ID.
3. Deploy the Policy: Push the policy to your managed devices.
4. Monitor Compliance: Check that the policy is enforced and no users are installing the blocked app.

5. Circumvention Considerations

Users may try to bypass blocks using:

• VPNs: Block known VPN IP addresses or consider a solution that detects and blocks VPN traffic.
• Proxies: Similar to VPNs, block proxy server IPs.
• Web Proxies/Browser Extensions: Educate users about the risks of using these tools.

6. Ongoing Maintenance

Dropbox’s infrastructure changes frequently. Regularly update your IP address and domain lists to ensure effective blocking.