Blocking Sites

The router function to "Block Sites" is a hold-over from "days of yore" and is no longer of much practical use.  My experiment with the original Orbi router (RBR50) was that it will block http access as advertised, but does not block any other access (such as ICMP [ping] or secure web [https])

Please give this experiment a try:

• Go into Security, Block Sites and add these two entries:
  • sexykitten
  • ford
• Then, open a command window and attempt to ping them.
  • ping sexykitten.com will return "Ping request could not find host sexykitten.com. Please check the name and try again."
    (This is because there appears to be no such URL. - although there certainly should be one!)
• Open a web browser and attempt to browse to the unencrypted (http) version of these sites:
  • http://sexykitten.com will return an error that the web site does not exist.
  • http://ford.com will return an error that  "Web Site Blocked by NETGEAR Firewall", complete with bold RED banners across the entire page.
• In the web browser, attempt to browser to the secure web sites:
  • https://sexykitten.com will fail because the URL does not exist.
  • https://ford.com will succeed because the "Block Sites" feature does not block encrypted web sites.

In other words, the feature is basically worthless in today's world where 99% of all web sites are https.

---

@gfeldman wrote:

What is the most effective way to block such traffic from a single domain?  THANKS. - GARY

---

There are two generally accepted methods to accomplish this:

• Place some device upstream from the Orbi router which will block connections, such as another router.
• Change the Orbi router to resolve DNS with something that will reject the URL's that you want it to, such as:
  • OpenDNS using a "free" account, or
  • Your own DNS server, such as Pi-Hole.