Conax
Jul 05, 2021 | Guide
Orbi not blocking sites in Keyword/Domain list
The original post is here: https://community.netgear.com/t5/Orbi/Orbi-not-blocking-sites-in-Keyword-Domain-list/td-p/1845336 Netgear has not replied to that post with a solution, but closed that pos...
schumaku
Jul 05, 2021 | Guru - Experienced User
Well, the "last" answer might be it's not possible at all - certainly not without dealing with some end point security.
Netgear's current implementation does capture http traffic - alone this is useless nowadays (as explained several times now).
Up to TLS 1.2, it might be possible to find the URL called in the initial handshake. For sites using TLS 1.3 this is no longer feasible.
The last design approach would be capturing the plain text DNS for DNS queries ... which is easily circumvented when also using secured/encrypted DNS.
Now read the first line again....
Same limitation on advanced security appliances by the way.
Conax
Jul 05, 2021 | Guide
And I just found out, the free modem that came with Spark fiber can block https urls without issue. Does this mean the modem passes text url to the Orbi router for http traffic, but encrypted url for https traffic?
- schumaku | Jul 05, 2021 | Guru - Experienced User
Conax wrote:
And I just found out, the free modem that came with Spark fiber can block https urls without issue.
Don't know anything about this device implementation or the Spark service named Net Shield.
As I said, the https connection is either <=TLS 1.2, or the device is filtering plain text DNS. Both are technically feasible (hey I'm not Netgear, but they know from where I'm coming from ....) so I can say the current Keyword Blocking feature is just j**k. Try using an encrypted DNS and you might find the computer does bypass....
- CrimpOn | Jul 05, 2021 | Guru - Experienced User
Conax wrote:
And I just found out, the free modem that came with Spark fiber can block https urls without issue. Does this mean the modem passes text url to the Orbi router for http traffic, but encrypted url for https traffic?
Would love to see the brand and model number of this free modem.
- Conax | Jul 05, 2021 | Guide
Hi CrimpOn, it is Huawei HG659b.
After I did this:
then I did an ipconfig /flushdns as suggested in this article:
then when trying to browse the site, I get this:
- Conax | Jul 05, 2021 | Guide
Somehow the screenshots do not appear in my reply...
Anyway, there is a Parental Control -> URL Filter setting in the modem.
I added "mylotto.co.nz" and "www.mylotto.co.nz" to be filtered, and then did an ipconfig /flushdns.
Then when trying to browse to mylotto.co.nz, Chrome displays this message:
This site can’t be reached
Check if there is a typo in www.mylotto.co.nz.
- If spelling is correct, try running windows network Diagnostics.
DNS_PROBE_FINISHED_NXDOMAIN
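Added example, not part of any post in this thread and not Netgear's or Huawei's code: a sketch of the plain-text DNS filtering approach schumaku describes, answering blocked names with NXDOMAIN, which is the DNS result Chrome reports above. How the HG659b actually implements its URL Filter is not stated in the thread; the function names and the constructed sample query are assumptions, and the blocklist entry is the domain Conax entered.

```python
import struct

BLOCKLIST = {"mylotto.co.nz"}  # domain from the thread; subdomains match too

def build_query(name, qid=0x1234):
    """Construct a plain-text DNS A query (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(packet):
    """Return (lower-cased name, offset after QNAME) of the first question."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return ".".join(labels), pos

def is_blocked(name):
    """Exact or subdomain match, so 'notmylotto.co.nz' is not caught by accident."""
    return any(name == d or name.endswith("." + d) for d in BLOCKLIST)

def filter_query(packet):
    """Return an NXDOMAIN reply for a blocked name, or None to forward the query."""
    try:
        name, end = parse_qname(packet)
    except ValueError:
        return None  # not readable as plain DNS: this filter has nothing to match
    if not is_blocked(name) or end + 4 > len(packet):
        return None
    flags = struct.pack("!H", 0x8183)  # QR=1, RD=1, RA=1, RCODE=3 (NXDOMAIN)
    counts = struct.pack("!HHHH", 1, 0, 0, 0)
    return packet[:2] + flags + counts + packet[12:end + 4]  # echo id and question

if __name__ == "__main__":
    for host in ("www.mylotto.co.nz", "example.org"):
        reply = filter_query(build_query(host))
        print(host, "-> NXDOMAIN" if reply else "-> forwarded")
```

A filter like this only acts on queries it can read as plain DNS; a lookup carried over an encrypted DNS transport never reaches `parse_qname` as readable bytes, which is the limitation described in the thread.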