Website blocking by keyword

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 735
Location: Hung Hom, Hong Kong

PostPosted: Wed Feb 19, 2020 17:44    Post subject: Website blocking by keyword Reply with quote
How do you block a website by keyword in Access Restriction?

I tried "google", for example, and it didn't work. I tried "*google*" and it still failed.


_________________
Router: Asus RT-N18U (rev. A1)

May the Force and farces be with you! Live long and proper!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
Sponsor
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 443

PostPosted: Wed Feb 19, 2020 18:51    Post subject: Re: Website blocking by keyword Reply with quote
mwchang wrote:
How do you block a website by keyword in Access Restriction?

I tried "google", for example, and it didn't work. I tried "*google*" and it still failed.


Unfortunately blocking websites by keyword in Access Restriction is somewhat defunct


It does not work on the ever more common https type sites

Last I checked... it does (mostly) still work on http sites.....at least on builds by Mr.K...I have not tested on BS builds in quite some time ¯\_(ツ)_/¯

_________________
Location 1
R6300V2- DD-WRT v3.0-r39345M kongac (04-03-19) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Gateway
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2 devices: RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge (0.8km/0.5mi)tx/rx 866.6Mbps-1GbpsLAN
Location 3
R7000 DD-WRT v3.0-r44627 netgear-r7000 (10/22/20) Access Point
2 devices: RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge tx/rx 2.3Gbps-1GbpsLAN


Thank You BrainSlayer & <Kong> for ALL that you do & have done, also to "most" everyone here that shares their knowledge
dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 233

PostPosted: Wed Feb 19, 2020 23:12    Post subject: Reply with quote
How about using DNSCrypt-proxy? This is only on domain level, but there are many filter options. I use it to blacklist many trackers and ad domains based on simple patterns (e.g ad.*, *.doubleclick.net etc)
Cartel
DD-WRT Novice


Joined: 14 Jun 2013
Posts: 24

PostPosted: Thu Feb 20, 2020 1:11    Post subject: Re: Website blocking by keyword Reply with quote
d0ug wrote:
Dr_K wrote:
mwchang wrote:
How do you block a website by keyword in Access Restriction?

I tried "google", for example, and it didn't work. I tried "*google*" and it still failed.


Unfortunately blocking websites by keyword in Access Restriction is somewhat defunct


It does not work on the ever more common https type sites

Last I checked... it does (mostly) still work on http sites.....at least on builds by Mr.K...I have not tested on BS builds in quite some time ¯\_(ツ)_/¯


Yeah this is pretty useless now and should probably just be removed. So much of the web is HTTPS now that the router can't see the traffic since it is encrypted. The only way you could filter keywords in HTTPS traffic is some kind of proxy that does MITM of all HTTPS traffic.

The proxy would decrypt the HTTPS traffic, check it's content then encrypt the traffic again to pass it on to the client. Basically the way a lot of content filters and browsing tracking appliances work in the corporate/educational world. Since these PCs are all centrally managed they can push the certs to the client PCs that make this work. Otherwise your browser would complain about the cert being invalid for every site you visit after the appliance MITMed the traffic.

With the facilities that DDWRT has, your only hope of filtering HTTPS traffic is website blocking by URL address.


be careful using that:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323117
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1191488
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 735
Location: Hung Hom, Hong Kong

PostPosted: Thu Feb 20, 2020 11:22    Post subject: Reply with quote
Actually, I am not trying to block by content, but just the domain name or the URL...

Content blocking should be the job of browsers? Or maybe the operating system if not just the anti-virus scanner? Smile


_________________
Router: Asus RT-N18U (rev. A1)

May the Force and farces be with you! Live long and proper!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 233

PostPosted: Thu Feb 20, 2020 12:01    Post subject: Reply with quote
mwchang wrote:
Actually, I am not trying to block by content, but just the domain name or the URL...

Content blocking should be the job of browsers? Or maybe the operating system if not just the anti-virus scanner? Smile



Then DNSCrypt-proxy is good for your use case:

https://github.com/DNSCrypt/dnscrypt-proxy

Get it through Entware, point DNSmasq to it as upstream resolver (i.e. so your DNS server will be 127.0.0.1:port, where “port” is whichever you set up DNSCrypt-proxy to listen on), get a couple of your favorite blacklists to DNSCrypt.

There you have your domain blocking
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4093
Location: UK, London, just across the river..

PostPosted: Thu Feb 20, 2020 13:16    Post subject: Reply with quote
yep, various ways to do that blocking, some more accurate than others...
if mean how useless is that module in ddwrt and could it be traded for
something else yep its a good idea. otherwise you ve been here for a long time enough
to know how the things work many article's on the subject

_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45229 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44849 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44719 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45420 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 233

PostPosted: Thu Feb 20, 2020 13:32    Post subject: Reply with quote
dragonC wrote:
mwchang wrote:
Actually, I am not trying to block by content, but just the domain name or the URL...

Content blocking should be the job of browsers? Or maybe the operating system if not just the anti-virus scanner? Smile



Then DNSCrypt-proxy is good for your use case:

https://github.com/DNSCrypt/dnscrypt-proxy

Get it through Entware, point DNSmasq to it as upstream resolver (i.e. so your DNS server will be 127.0.0.1:port, where “port” is whichever you set up DNSCrypt-proxy to listen on), get a couple of your favorite blacklists to DNSCrypt.

There you have your domain blocking


Just to add, as Alozaros suggests there are many way to implement domain blocking. I use DNSCrypt mainly for the encrypted DNS request + DNSSEC validation, and (recently introduced) anonymizes DNS relay — privacy and security. Domain blocking is just a convenient plus
LissMaker
DD-WRT Novice


Joined: 29 Nov 2019
Posts: 5

PostPosted: Tue Oct 27, 2020 3:28    Post subject: Reply with quote
Unfortonately there is no way on blocking a website in access restriction... especially one such as google. On the other hand side I don't even see the point of doing so as there is literally not a single disadvantage from using Google as your first and main searching engine. I am tho filtring the websites I tend to log onto allot more as on recently after finding out information about peoples DDosing different server just for the fun of it. This is exactly why ive decided to work with professional SEO company such as https://www.justseo.co.nz/wellington-seo-services/ that helps me keep my website steady and increase the traffic at the same time.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4093
Location: UK, London, just across the river..

PostPosted: Tue Oct 27, 2020 7:24    Post subject: Reply with quote
depends from router and build...but on current builds on high end routers, as the use of ipset is possible you can block google by domain names and all set of IP belonging to it ... Razz
_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45229 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44849 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44719 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45420 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Spread-Spectrum
DD-WRT Novice


Joined: 30 Dec 2020
Posts: 3

PostPosted: Fri Jan 01, 2021 17:51    Post subject: Reply with quote
Little late to the party, but you might want to check out OpenDNS. Been using that since 2008.

Then you might want to interface that with IFTTT.

https://www.opendns.com/home-internet-security/

Since Cisco bought OpenDNS, your custom block page will error out due to the lack of Cisco's TLS Cert in your certificate store. Read here: https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbrella-Root-CA

It really is a load of crap. Was perfectly fine before Cisco bought OpenDNS. I could have swore I threw the Cert. in the OS its self and not in the browser. But it's been years.

IFTTT: https://ifttt.com/

Edit - How do you report a damn post? This version of phpBB is so damn old it isn't funny. LissMaker's username shows up at StopForumSpam, so cross check the email and IP. That post looks awfully spamish, too. I don't allow that crap on my website. In fact, all first time posters are held in moderation queue.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4093
Location: UK, London, just across the river..

PostPosted: Fri Jan 01, 2021 18:58    Post subject: Reply with quote
Spread-Spectrum wrote:
Little late to the party, but you might want to check out OpenDNS. Been using that since 2008.

Then you might want to interface that with IFTTT.

https://www.opendns.com/home-internet-security/

Since Cisco bought OpenDNS, your custom block page will error out due to the lack of Cisco's TLS Cert in your certificate store. Read here: https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbrella-Root-CA

It really is a load of crap. Was perfectly fine before Cisco bought OpenDNS. I could have swore I threw the Cert. in the OS its self and not in the browser. But it's been years.

IFTTT: https://ifttt.com/

Edit - How do you report a damn post? This version of phpBB is so damn old it isn't funny. LissMaker's username shows up at StopForumSpam, so cross check the email and IP. That post looks awfully spamish, too. I don't allow that crap on my website. In fact, all first time posters are held in moderation queue.


not very clear to me Question Question Rolling Eyes Rolling Eyes Question Question what you are on about...

Best way to block sites, (similar to OpenDNS) you can use adblocker, block by resolving name via DNSmasq or via IPtables or privoxy or IPset.... many different ways...

IPset is available on large flash size routers, more info on the subject
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261

_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45229 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44849 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44719 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45420 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum