Author Topic: Wi-Fi Router Recommendations (Block HTTPS)  (Read 974 times)

0 Members and 1 Guest are viewing this topic.

Offline CesarEscudero

  • Regular Contributor
  • *
  • Posts: 91
  • Country: 00
Wi-Fi Router Recommendations (Block HTTPS)
« on: February 06, 2019, 05:07:26 pm »
Hi,

Do you use any wifi router to block HTTPS sites? I am using OpenDNS but I am not satisfied with the functions.
I want to block the usual sites (FB, twitter, youtube) and be able to monitor each device.

Thank you
 

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 238
  • Country: se
  • Programmer, DB architect
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #1 on: February 06, 2019, 05:14:55 pm »
You want to block individual sites, entering URL(s) - or all HTTPS traffic?
 

Offline CesarEscudero

  • Regular Contributor
  • *
  • Posts: 91
  • Country: 00
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #2 on: February 06, 2019, 06:14:32 pm »
Individual sites, some old routers can easly be set to block HTTP but not HTTPS, so services like OpenDNS come handy.
 

Offline Shock

  • Super Contributor
  • ***
  • Posts: 2950
  • Country: au
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #3 on: February 06, 2019, 06:59:07 pm »
Soldering/Rework: Pace ADS200, Pace MBT350
Multimeters: Fluke 87V, 117, 27/FM     >>> Fluke 51/52 Thermometer Parts Required <<<
Oscilloscopes: Rigol DS1054Z, Phillips PM3065
 

Online Berni

  • Super Contributor
  • ***
  • Posts: 2638
  • Country: si
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #4 on: February 06, 2019, 08:22:42 pm »
Any proper router that's not a home use consumer toy will do it.

I personally use a MikroTik RB951G and it works great. Never needed a reboot, handles routing fragmented small packet data out of the WAN port unlike the majority of home grade routers and has all the features you get in the professional big rack mount routers that run entire office buildings since it runs the same software as those. Tho as a result configuring some stuff on it does need a lot more networking know how (or googling in my case)

For my particular router the solution would be to block outgoing port 53 (DNS) on the WAN port, this forces people to use the built in DNS server in the router. Then add manual entries into the DNS server that redirects lookups on those sites to a different IP. If you want to make sure you can also set the firewall to block all outgoing connections to the IP addresses of those sites on the WAN port.

Tho if you make me use your LAN i would quickly set up a VPN or Tor to tunnel my way out to the free uncensored internet, because im going to do what i want to do on the internet, not what some cranky IT nerd wants me to do.
 

Offline CesarEscudero

  • Regular Contributor
  • *
  • Posts: 91
  • Country: 00
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #5 on: February 06, 2019, 10:55:22 pm »
Tho if you make me use your LAN i would quickly set up a VPN or Tor to tunnel my way out to the free uncensored internet, because im going to do what i want to do on the internet, not what some cranky IT nerd wants me to do.

Fair enough

Thank you
 

Offline Psi

  • Super Contributor
  • ***
  • Posts: 7413
  • Country: nz
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #6 on: February 06, 2019, 11:12:23 pm »
If you have a old PC space you could put two network cards in it and run smoothwall/monowall etc. on it.
Greek letter 'Psi' (not Pounds per Square Inch)
 
The following users thanked this post: CesarEscudero

Offline particleman

  • Regular Contributor
  • *
  • Posts: 115
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #7 on: February 10, 2019, 01:15:33 pm »
Check out Pfsense. I have used it for close to 10 years now. Awesome firewall/router
 
The following users thanked this post: CesarEscudero

Online Berni

  • Super Contributor
  • ***
  • Posts: 2638
  • Country: si
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #8 on: February 10, 2019, 02:01:32 pm »
Oh and PiHole can be used to block sites on a whole LAN via DNS. Its meant to block advertising, tracking and data mining parts of webpages, but you can add any web address you want to the block list.

https://pi-hole.net/

It can be run on a RaspberryPi with a ready made image or on any Linux machine that can run docker containers (These are sort of like portable packed apps in windows that run without any instalation, but its on linux).
 
The following users thanked this post: CesarEscudero

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4373
  • Country: ch
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #9 on: February 14, 2019, 05:48:33 pm »
By pure chance, I came across the Synology RT2600ac the other day, which apparently is extremely highly regarded, and one review said it’s one of the few routers that can block HTTPS.
 
The following users thanked this post: CesarEscudero

Offline madires

  • Super Contributor
  • ***
  • Posts: 4886
  • Country: de
  • A qualified hobbyist ;)
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #10 on: February 14, 2019, 06:57:38 pm »
Blocking all HTTPS traffic is easy, just block TCP port 443 for traffic from LAN to WAN. A cheap SOHO router running OpenWrt can do this. If you want to block specific websites it will be more complicated. The best way would be to use a webproxy supporting blacklists. The alternative solution is a script which retrieves all the IP address of the websites to be blocked and then adds them to the firewall rules (TCP 443). The problem with that approach is that the IP addresses can change anytime (CDNs, load balancing, etc.).
 
The following users thanked this post: CesarEscudero

Offline kaevee

  • Regular Contributor
  • *
  • Posts: 68
  • Country: in
Re: Wi-Fi Router Recommendations (Block HTTPS)
« Reply #11 on: February 18, 2019, 05:53:39 am »
Blocking all HTTPS traffic is easy, just block TCP port 443 for traffic from LAN to WAN. A cheap SOHO router running OpenWrt can do this. If you want to block specific websites it will be more complicated. The best way would be to use a webproxy supporting blacklists. The alternative solution is a script which retrieves all the IP address of the websites to be blocked and then adds them to the firewall rules (TCP 443). The problem with that approach is that the IP addresses can change anytime (CDNs, load balancing, etc.).

As @madires pointed out blocking HTTPS based on IP address(s) can be messy and there is no guarantee.

As of now, your best bet is a commercial VPN appliance. Some of the commercial VPN appliances claim to give you application level (like youtube, BitTorrent) visibility. Few of these VPN appliances are offered on a trial. One can try them to find out if they work for a given use case.
 
The following users thanked this post: CesarEscudero


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf