How about using DNSCrypt-proxy? This is only on domain level, but there are many filter options. I use it to blacklist many trackers and ad domains based on simple patterns (e.g ad.*, *.doubleclick.net etc)
Posted: Thu Feb 20, 2020 1:11 Post subject: Re: Website blocking by keyword
d0ug wrote:
Dr_K wrote:
mwchang wrote:
How do you block a website by keyword in Access Restriction?
I tried "google", for example, and it didn't work. I tried "*google*" and it still failed.
Unfortunately blocking websites by keyword in Access Restriction is somewhat defunct
It does not work on the ever more common https type sites
Last I checked... it does (mostly) still work on http sites.....at least on builds by Mr.K...I have not tested on BS builds in quite some time ¯\_(ツ)_/¯
Yeah this is pretty useless now and should probably just be removed. So much of the web is HTTPS now that the router can't see the traffic since it is encrypted. The only way you could filter keywords in HTTPS traffic is some kind of proxy that does MITM of all HTTPS traffic.
The proxy would decrypt the HTTPS traffic, check it's content then encrypt the traffic again to pass it on to the client. Basically the way a lot of content filters and browsing tracking appliances work in the corporate/educational world. Since these PCs are all centrally managed they can push the certs to the client PCs that make this work. Otherwise your browser would complain about the cert being invalid for every site you visit after the appliance MITMed the traffic.
With the facilities that DDWRT has, your only hope of filtering HTTPS traffic is website blocking by URL address.
Joined: 26 Mar 2013 Posts: 735 Location: Hung Hom, Hong Kong
Posted: Thu Feb 20, 2020 11:22 Post subject:
Actually, I am not trying to block by content, but just the domain name or the URL...
Content blocking should be the job of browsers? Or maybe the operating system if not just the anti-virus scanner? _________________ Router: Asus RT-N18U (rev. A1)
May the Force and farces be with you! Live long and proper!
Get it through Entware, point DNSmasq to it as upstream resolver (i.e. so your DNS server will be 127.0.0.1:port, where “port” is whichever you set up DNSCrypt-proxy to listen on), get a couple of your favorite blacklists to DNSCrypt.
Joined: 16 Nov 2015 Posts: 4093 Location: UK, London, just across the river..
Posted: Thu Feb 20, 2020 13:16 Post subject:
yep, various ways to do that blocking, some more accurate than others...
if mean how useless is that module in ddwrt and could it be traded for
something else yep its a good idea. otherwise you ve been here for a long time enough
to know how the things work many article's on the subject _________________ Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45229 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44849 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44719 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45420 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Get it through Entware, point DNSmasq to it as upstream resolver (i.e. so your DNS server will be 127.0.0.1:port, where “port” is whichever you set up DNSCrypt-proxy to listen on), get a couple of your favorite blacklists to DNSCrypt.
There you have your domain blocking
Just to add, as Alozaros suggests there are many way to implement domain blocking. I use DNSCrypt mainly for the encrypted DNS request + DNSSEC validation, and (recently introduced) anonymizes DNS relay — privacy and security. Domain blocking is just a convenient plus
Unfortonately there is no way on blocking a website in access restriction... especially one such as google. On the other hand side I don't even see the point of doing so as there is literally not a single disadvantage from using Google as your first and main searching engine. I am tho filtring the websites I tend to log onto allot more as on recently after finding out information about peoples DDosing different server just for the fun of it. This is exactly why ive decided to work with professional SEO company such as https://www.justseo.co.nz/wellington-seo-services/ that helps me keep my website steady and increase the traffic at the same time.
Joined: 16 Nov 2015 Posts: 4093 Location: UK, London, just across the river..
Posted: Tue Oct 27, 2020 7:24 Post subject:
depends from router and build...but on current builds on high end routers, as the use of ipset is possible you can block google by domain names and all set of IP belonging to it ... _________________ Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45229 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44849 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44719 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45420 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
It really is a load of crap. Was perfectly fine before Cisco bought OpenDNS. I could have swore I threw the Cert. in the OS its self and not in the browser. But it's been years.
Edit - How do you report a damn post? This version of phpBB is so damn old it isn't funny. LissMaker's username shows up at StopForumSpam, so cross check the email and IP. That post looks awfully spamish, too. I don't allow that crap on my website. In fact, all first time posters are held in moderation queue.
It really is a load of crap. Was perfectly fine before Cisco bought OpenDNS. I could have swore I threw the Cert. in the OS its self and not in the browser. But it's been years.
Edit - How do you report a damn post? This version of phpBB is so damn old it isn't funny. LissMaker's username shows up at StopForumSpam, so cross check the email and IP. That post looks awfully spamish, too. I don't allow that crap on my website. In fact, all first time posters are held in moderation queue.
not very clear to me what you are on about...
Best way to block sites, (similar to OpenDNS) you can use adblocker, block by resolving name via DNSmasq or via IPtables or privoxy or IPset.... many different ways...
IPset is available on large flash size routers, more info on the subject
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261 _________________ Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45229 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44849 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44719 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45420 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
