Posted: Wed Feb 19, 2020 18:51 Post subject: Re: Website blocking by keyword
mwchang wrote:
How do you block a website by keyword in Access Restriction?
I tried "google", for example, and it didn't work. I tried "*google*" and it still failed.
Unfortunately blocking websites by keyword in Access Restriction is somewhat defunct
It does not work on the ever more common https type sites
Last I checked... it does (mostly) still work on http sites.....at least on builds by Mr.K...I have not tested on BS builds in quite some time ¯\_(ツ)_/¯ _________________ Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
How about using DNSCrypt-proxy? This is only on domain level, but there are many filter options. I use it to blacklist many trackers and ad domains based on simple patterns (e.g. ad.*, *.doubleclick.net etc.).
Posted: Thu Feb 20, 2020 1:11 Post subject: Re: Website blocking by keyword
d0ug wrote:
Dr_K wrote:
mwchang wrote:
How do you block a website by keyword in Access Restriction?
I tried "google", for example, and it didn't work. I tried "*google*" and it still failed.
Unfortunately blocking websites by keyword in Access Restriction is somewhat defunct
It does not work on the ever more common https type sites
Last I checked... it does (mostly) still work on http sites.....at least on builds by Mr.K...I have not tested on BS builds in quite some time ¯\_(ツ)_/¯
Yeah this is pretty useless now and should probably just be removed. So much of the web is HTTPS now that the router can't see the traffic since it is encrypted. The only way you could filter keywords in HTTPS traffic is some kind of proxy that does MITM of all HTTPS traffic.
The proxy would decrypt the HTTPS traffic, check its content, then encrypt the traffic again to pass it on to the client. Basically the way a lot of content filters and browsing tracking appliances work in the corporate/educational world. Since these PCs are all centrally managed they can push the certs to the client PCs that make this work. Otherwise your browser would complain about the cert being invalid for every site you visit after the appliance MITMed the traffic.
With the facilities that DDWRT has, your only hope of filtering HTTPS traffic is website blocking by URL address.
Joined: 26 Mar 2013 Posts: 1857 Location: Hung Hom, Hong Kong
Posted: Thu Feb 20, 2020 11:22 Post subject:
Actually, I am not trying to block by content, but just the domain name or the URL...
Content blocking should be the job of browsers? Or maybe the operating system if not just the anti-virus scanner?
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Get it through Entware, point DNSmasq to it as upstream resolver (i.e. so your DNS server will be 127.0.0.1:port, where “port” is whichever you set up DNSCrypt-proxy to listen on), get a couple of your favorite blacklists to DNSCrypt.
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Thu Feb 20, 2020 13:16 Post subject:
yep, various ways to do that blocking, some more accurate than others...
if you mean how useless that module is in ddwrt and that it could be traded for
something else, yep, it's a good idea. otherwise you've been here for long enough
to know how things work, many articles on the subject _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Get it through Entware, point DNSmasq to it as upstream resolver (i.e. so your DNS server will be 127.0.0.1:port, where “port” is whichever you set up DNSCrypt-proxy to listen on), get a couple of your favorite blacklists to DNSCrypt.
There you have your domain blocking
Just to add, as Alozaros suggests there are many ways to implement domain blocking. I use DNSCrypt mainly for the encrypted DNS request + DNSSEC validation, and (recently introduced) anonymized DNS relay — privacy and security. Domain blocking is just a convenient plus.
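The setup described in the posts above (dnsmasq forwarding to a local DNSCrypt-proxy that loads a pattern list), written out as an added example; it is not from the thread or from either project. The port 5353, the output directory and the file names are assumptions, and the two patterns are the ones quoted in the earlier post.

```shell
#!/bin/sh
# Added example: writes the config fragments for DNS-level domain blocking.
# Assumed (not from the thread): the port, the directory and the file names.

# write_dns_filter_config DIR PORT
write_dns_filter_config() {
    dir=$1; port=$2
    # Reject anything that is not a usable port number.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    mkdir -p "$dir" || return 1

    # dnsmasq side: stop using the ISP resolvers and forward every query to
    # the local dnscrypt-proxy instead (dnsmasq writes the port after '#').
    cat > "$dir/dnsmasq-extra.conf" <<EOF
no-resolv
server=127.0.0.1#$port
EOF

    # dnscrypt-proxy side: listen where dnsmasq forwards to and load the list.
    # Older releases call this section [blacklist] with blacklist_file; check
    # the example-dnscrypt-proxy.toml shipped with your version.
    cat > "$dir/dnscrypt-proxy-fragment.toml" <<EOF
listen_addresses = ['127.0.0.1:$port']

[blocked_names]
blocked_names_file = '$dir/blocked-names.txt'
EOF

    # One pattern per line: names starting with "ad.", and any subdomain
    # of doubleclick.net.
    cat > "$dir/blocked-names.txt" <<'EOF'
ad.*
*.doubleclick.net
EOF
}

# Example call (the directory is an assumption):
# write_dns_filter_config /opt/etc/dns-filter 5353
```

Clients that query a resolver other than the router bypass this filter, which is why several signatures in this thread list "Forced DNS".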
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Tue Oct 27, 2020 7:24 Post subject:
depends from router and build...but on current builds on high end routers, as the use of ipset is possible you can block google by domain names and all set of IP belonging to it ...
It really is a load of crap. Was perfectly fine before Cisco bought OpenDNS. I could have sworn I threw the Cert. in the OS itself and not in the browser. But it's been years.
Edit - How do you report a damn post? This version of phpBB is so damn old it isn't funny. LissMaker's username shows up at StopForumSpam, so cross check the email and IP. That post looks awfully spammish, too. I don't allow that crap on my website. In fact, all first time posters are held in moderation queue.
not very clear to me what you are on about...
Best way to block sites, (similar to OpenDNS) you can use adblocker, block by resolving name via DNSmasq or via IPtables or privoxy or IPset.... many different ways...
IPset is available on large flash size routers, more info on the subject
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
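The ipset approach mentioned in the two posts above, as an added example that is not part of the thread or of DD-WRT itself: dnsmasq records every address it resolves for the listed domains in a set, and one firewall rule rejects traffic to that set. The set name blocked_sites is hypothetical; ipset v6 command syntax and a dnsmasq build with ipset support are assumed.

```shell
#!/bin/sh
# Added example: builds the dnsmasq option and the firewall commands for
# ipset-based blocking. The set name "blocked_sites" is hypothetical.

# dnsmasq_ipset_option SET DOMAIN...
# Prints one "ipset=/dom1/dom2/SET" line. With it, dnsmasq adds every address
# it resolves for those domains and their subdomains to SET.
dnsmasq_ipset_option() {
    [ $# -ge 2 ] || { echo "usage: dnsmasq_ipset_option SET DOMAIN..." >&2; return 1; }
    set_name=$1; shift
    line="ipset="
    for d in "$@"; do
        # Accept plain host names only, so nothing else ends up in the config.
        case $d in
            ''|*[!A-Za-z0-9.-]*|.*|*.|*..*)
                echo "invalid domain: $d" >&2; return 1 ;;
        esac
        line="$line/$d"
    done
    printf '%s/%s\n' "$line" "$set_name"
}

# firewall_commands SET
# Prints the commands for the router's firewall script: create the set if it
# does not exist yet, then reject forwarded traffic whose destination is in it.
# hash:ip holds IPv4 only; IPv6 needs a second set (family inet6) and ip6tables.
firewall_commands() {
    printf 'ipset create %s hash:ip -exist\n' "$1"
    printf 'iptables -I FORWARD -m set --match-set %s dst -j REJECT\n' "$1"
}

# Print both parts for review when the script is run directly.
dnsmasq_ipset_option blocked_sites google.com
firewall_commands blocked_sites
```

Only addresses resolved through this dnsmasq instance reach the set, so clients using another resolver are not covered, and any address shared with other sites is blocked along with the listed domain.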
Linksys provides the following steps on how to block a website by keyword:
Access the router's web-based setup page.
Click Configuration > Firewall > Content Filter.
Click the Enable Website Blocking by Keywords box and enter the keyword you want to block. Then, click Add to list.
Select a Time you want the website to remain blocked then click Save. In this example, we used Always as the time rule.
Last edited by Vanccob on Mon Oct 03, 2022 5:23; edited 1 time in total