
Site blocking is inoperative

cuidadanoterre
Aspirant


Hello,

In the Security section, Block Sites is inoperative: despite having registered sites, set to "Always" and without the option "Allow trusted IP address to access blocked sites", when I run a test, the browser lets me through!

What is the problem? The firmware?

 

Hardware version RBR50, Current firmware version V2.7.4.24 (the previous one did not work either)

thanks

Message 1 of 3

Accepted Solutions
CrimpOn
Sage

Re: Site blocking is inoperative

Site Blocking is a hold-over from the early days of consumer routers, when all web sites were plain (unencrypted) http.

Try this:

  • Enter a known internet web site into the table, such as ford.
  • Apply the site block.
  • Open browser and connect to http://ford.com (not https).
    My Orbi blocks the connection and displays a message.
  • On the web browser, connect to https://ford.com.
    The connection is made.

Now that 90% (or more) of commercial web sites are encrypted, the site blocking mechanism no longer functions.
Modern web browsers now have a user-controlled option to always attempt an https connection first when the user types a URL without specifying http or https. That means they evade the block automatically.

 

20 years ago site blocking might have been a useful tool for Parental Control.  These days, it fails miserably.

 

Now that Netgear (and every other major router vendor) is selling Parental Controls ($$$) my guess is that there is little incentive to rework that old block sites feature to handle https connections.

 

In addition, attempting to block the Netgear firmware update site also fails.  In this case, I am pretty certain that blocks apply only to requests coming into the router - not requests generated internally in the router itself.  The only way to block firmware updates is to block the update URL "upstream" of the router.  Some customers sign up for a free account at OpenDNS for this purpose. Others stick another router in front of the Orbi.

I love my Orbi.


Message 2 of 3
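The http/https test in the reply above, as an added example that is not part of the thread and not Netgear code: it assumes the legacy filter matches keywords against the Host header of plaintext HTTP requests (the router's real implementation is not documented here). The `inspect_tls` option goes beyond the thread and shows that a filter can still read the hostname from the TLS ClientHello `server_name` field; all function names and sample bytes are constructed.

```python
import struct
from contextlib import suppress

BLOCKED = ["ford"]  # keyword entered in the block table, as in the post

def http_host(payload: bytes):
    """Host header of a plaintext HTTP/1.x request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not head[0].endswith((b"HTTP/1.1", b"HTTP/1.0")):
        return None
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None

def tls_sni(payload: bytes):
    """server_name from a TLS ClientHello, or None if absent or malformed."""
    with suppress(IndexError, struct.error):
        if payload[0] != 0x16 or payload[5] != 0x01:  # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                            # headers, version, random
        p += 1 + payload[p]                           # session id
        p += 2 + struct.unpack_from("!H", payload, p)[0]  # cipher suites
        p += 1 + payload[p]                           # compression methods
        p, end = p + 2, p + 2 + struct.unpack_from("!H", payload, p)[0]  # extensions
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", payload, p)
            if etype == 0:                            # server_name extension
                nlen = struct.unpack_from("!H", payload, p + 7)[0]
                return payload[p + 9:p + 9 + nlen].decode("ascii", "replace").lower()
            p += 4 + elen
    return None

def is_blocked(payload: bytes, inspect_tls: bool = False) -> bool:
    # inspect_tls=False is an assumed model of the legacy HTTP-only check
    host = http_host(payload) or (tls_sni(payload) if inspect_tls else None)
    return host is not None and any(k in host for k in BLOCKED)

def sample_client_hello(host: str) -> bytes:  # constructed minimal ClientHello
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

HTTP_REQ = b"GET / HTTP/1.1\r\nHost: ford.com\r\n\r\n"   # constructed sample
CLIENT_HELLO = sample_client_hello("ford.com")            # constructed sample
```

Clients that use Encrypted Client Hello do not expose the real hostname in this field, which is one reason blocking at the DNS resolver, as the reply suggests with OpenDNS, is a common fallback.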

cuidadanoterre
Aspirant

Re: Site blocking is inoperative

Hello, ah, thank you for these clarifications, I understand now why!
- Speaking of OpenDNS, I'll see how to do it.

thanks

Message 3 of 3