- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: RAX20 - keyword based website blocking is not working
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to block websites using keywords. I entered the website keywords in "Advanced>Security>Block Sites" section of the router configuration. But it is not working!
I came across many similar posts on the Netgear community forum, and the accepted solution seems to be that "a router (Netgear or not) cannot block websites that use HTTPS protocol, since the website URL is encrypted". But this is wrong! The packet header (which contains the destination URL) is not encrypted, but only its content. Because if it were encrypted, there would be no way for the upstream routers to identify (i.e. read) the packets' destination, and route it accordingly.
So, It should be possible for the router to identify the destination address and accordingly block it. In fact, my old Tenda router had a similar feature called "URL filtering" and it worked regardless of the protocol.
So, I want to know what should be done to block websites on a Netgear router?
PS: I don't want to install any "Parental Control" software on any of my devices, since the router should block the sites.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
> [...] But this is wrong! [...]
Says who?
> [...] The packet header (which contains the destination URL) [...]
"packet header"? _IP_ packet header? URL? Where's the "URL" field
in an _IP_ packet header?
https://en.wikipedia.org/wiki/IPv4#Packet_structure
"IP Address" and "URL" are spelled differently for a reason.
> [...] is not encrypted, but only its content. Because if it were
> encrypted, there would be no way for the upstream routers to identify
> (i.e. read) the packets' destination, and route it accordingly.
Eh? All that's needed for routing is the destination IP address.
The web browser can do a DNS look-up to determine that. I see no need
for an unencrypted URL to leave the web browser.
> [...] the router should block the sites.
As explained elsewhere ("many similar posts on the Netgear community
forum" -- thanks for the helpful links), when HTTPS is used, the URL is
encrypted when it passes through the router. So, in fact, if the
encryption is adequate, exactly the opposite is true.
I claim.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RAX20 - keyword based website blocking is not working
Addition: I raised a Netgear support ticket over 2 weeks ago and I haven't recieved any reply from them, so, I decided to post it here on the community forum.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
> [...] But this is wrong! [...]
Says who?
> [...] The packet header (which contains the destination URL) [...]
"packet header"? _IP_ packet header? URL? Where's the "URL" field
in an _IP_ packet header?
https://en.wikipedia.org/wiki/IPv4#Packet_structure
"IP Address" and "URL" are spelled differently for a reason.
> [...] is not encrypted, but only its content. Because if it were
> encrypted, there would be no way for the upstream routers to identify
> (i.e. read) the packets' destination, and route it accordingly.
Eh? All that's needed for routing is the destination IP address.
The web browser can do a DNS look-up to determine that. I see no need
for an unencrypted URL to leave the web browser.
> [...] the router should block the sites.
As explained elsewhere ("many similar posts on the Netgear community
forum" -- thanks for the helpful links), when HTTPS is used, the URL is
encrypted when it passes through the router. So, in fact, if the
encryption is adequate, exactly the opposite is true.
I claim.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RAX20 - keyword based website blocking is not working
Okay. I think I mixed up an HTTP header (with the "Host" header) with a packet-header. So, the "URL filtering" in my previous router must be preventing the DNS lookup for the blocked domains.
Thank you.
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more