Reply

RAX20 - keyword based website blocking is not working

RAX20 - keyword based website blocking is not working

I am trying to block websites using keywords. I entered the website keywords in "Advanced>Security>Block Sites" section of the router configuration. But it is not working!

 

I came across many similar posts on the Netgear community forum, and the accepted solution seems to be that "a router (Netgear or not) cannot block websites that use HTTPS protocol, since the website URL is encrypted". But this is wrong! The packet header (which contains the destination URL) is not encrypted, but only its content. Because if it were encrypted, there would be no way for the upstream routers to identify (i.e. read) the packets' destination, and route it accordingly.

 

So, It should be possible for the router to identify the destination address and accordingly block it. In fact, my old Tenda router had a similar feature called "URL filtering" and it worked regardless of the protocol.

 

So, I want to know what should be done to block websites on a Netgear router?

 

PS: I don't want to install any "Parental Control" software on any of my devices, since the router should block the sites.

Model: RAX40|Nighthawk AX4 4-Stream WiFi Router
Message 1 of 4

Accepted Solutions
antinode
Guru

Re: RAX20 - keyword based website blocking is not working

> [...] But this is wrong! [...]

 

   Says who?

 

> [...] The packet header (which contains the destination URL) [...]

 

   "packet header"?  _IP_ packet header?  URL?  Where's the "URL" field
in an _IP_ packet header?


      https://en.wikipedia.org/wiki/IPv4#Packet_structure


   "IP Address" and "URL" are spelled differently for a reason.

 

> [...] is not encrypted, but only its content. Because if it were
> encrypted, there would be no way for the upstream routers to identify
> (i.e. read) the packets' destination, and route it accordingly.

 

   Eh?  All that's needed for routing is the destination IP address.
The web browser can do a DNS look-up to determine that.  I see no need
for an unencrypted URL to leave the web browser.

 

> [...] the router should block the sites.


   As explained elsewhere ("many similar posts on the Netgear community
forum" -- thanks for the helpful links), when HTTPS is used, the URL is
encrypted when it passes through the router.  So, in fact, if the
encryption is adequate, exactly the opposite is true.


   I claim.

View solution in original post

Message 3 of 4

All Replies

Re: RAX20 - keyword based website blocking is not working

Addition: I raised a Netgear support ticket over 2 weeks ago and I haven't recieved any reply from them, so, I decided to post it here on the community forum.

Message 2 of 4
antinode
Guru

Re: RAX20 - keyword based website blocking is not working

> [...] But this is wrong! [...]

 

   Says who?

 

> [...] The packet header (which contains the destination URL) [...]

 

   "packet header"?  _IP_ packet header?  URL?  Where's the "URL" field
in an _IP_ packet header?


      https://en.wikipedia.org/wiki/IPv4#Packet_structure


   "IP Address" and "URL" are spelled differently for a reason.

 

> [...] is not encrypted, but only its content. Because if it were
> encrypted, there would be no way for the upstream routers to identify
> (i.e. read) the packets' destination, and route it accordingly.

 

   Eh?  All that's needed for routing is the destination IP address.
The web browser can do a DNS look-up to determine that.  I see no need
for an unencrypted URL to leave the web browser.

 

> [...] the router should block the sites.


   As explained elsewhere ("many similar posts on the Netgear community
forum" -- thanks for the helpful links), when HTTPS is used, the URL is
encrypted when it passes through the router.  So, in fact, if the
encryption is adequate, exactly the opposite is true.


   I claim.

View solution in original post

Message 3 of 4

Re: RAX20 - keyword based website blocking is not working

Okay. I think I mixed up an HTTP header (with the "Host" header) with a packet-header. So, the "URL filtering" in my previous router must be preventing the DNS lookup for the blocked domains.

 

Thank you.

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 419 views
  • 1 kudo
  • 2 in conversation
Announcements