Posted: Sun Nov 15, 2015 16:52 Post subject: Website blocking by URL Not!
Being new to DD-WRT I may well have missed something in attempting to set my filters. I just installed DD-WRT - Open VPN version on a Linksys WRT54GL. The installation went fine thanks to the excellent documentation provided on the web site. I have configured most of what I had on my old router (IP address reservations, WiFi security etc.) The VPN will come soon. I am now attempting to build my annoying/nosy site filters. Following the instructions in the wiki I have:
- Navigated to the Access Restriction tab
- Created a new policy named "snoop"
- set the Status of this Policy to Enable
- Selected all PCs/addresses on network as "IP Range 01 192.168.0.1 - 192.168.0.250" (Yes, my network uses 192.168.0 not 192.168.1)
- selected Filter (vs. Deny)
- selected Everyday and 24 Hours so the Policy should ALWAYS be in effect
- added "www.facebook.com" to Website Blocking by URL Address
- Apply Settings and Save several times along the way (I have learned that DD-WRT is a little strange about saving/not saving changes)
- I have even tried rebooting the router
Problem is, I can still access my example web site www.facebook.com from a PC on my network.
I suspect I have overlooked something simple. Can anyone point me to the error of my ways?
Thanks eibgrad for the excellent explanation. I had not thought about how the process would actually work. With my previous two routers (non-DD-WRT) I would put in a keyword or address such as doubleclick and if a web page tried to access content on that domain - it just would not and the browser would show "connecting to www.doubleclick.net" or similar until the script in the web page timed out. If I attempted to manually access the web site www.doubleclick.net I would get a large banner "SITE BLOCKED BY NETGEAR..."
I have NoScript and other tools installed in my browser these days so I guess the router blocking is perhaps redundant. And, provided I get my VPN working, the privacy concerns with encountering these sites will be less of an issue. I guess I could route a site such as www.doubleclick.net to 127.0.0.1 in /etc/hosts
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Tue Oct 27, 2020 20:07 Post subject: Re: Website blocking by URL Not!
taylorkh wrote:
Problem is, I can still access my example web site www.facebook.com from a PC on my network.
I suspect I have overlooked something simple. Can anyone point me to the error of my ways?
I guess I should have specified that the version I have installed is dd-wrt.v24-12548_NEWD_openvpn.bin
Was it "http://" or "https://"? I suspect all blocking by text would fail with https protocol, even with some transparent proxy servers, because the traffic was encrypted.
I believe DD-WRT is not using a full-scale proxy server like Squid, but just dnsmasq.
However, blocking by IP addresses at DNS level should always work. I think firewall blocking might work with deep packet inspection.
BTW, you are using a very old version of DD-WRT. What is your router brand and model?
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!