Retired_Member
Apr 16, 2021
Solved

RAX20 - keyword based website blocking is not working

I am trying to block websites using keywords. I entered the website keywords in "Advanced>Security>Block Sites" section of the router configuration. But it is not working!

 

I came across many similar posts on the Netgear community forum, and the accepted solution seems to be that "a router (Netgear or not) cannot block websites that use HTTPS protocol, since the website URL is encrypted". But this is wrong! The packet header (which contains the destination URL) is not encrypted, but only its content. Because if it were encrypted, there would be no way for the upstream routers to identify (i.e. read) the packets' destination, and route it accordingly.

 

So, it should be possible for the router to identify the destination address and accordingly block it. In fact, my old Tenda router had a similar feature called "URL filtering" and it worked regardless of the protocol.

 

So, I want to know what should be done to block websites on a Netgear router?

 

PS: I don't want to install any "Parental Control" software on any of my devices, since the router should block the sites.

  • antinode
    Apr 17, 2021

    > [...] But this is wrong! [...]

     

       Says who?

     

    > [...] The packet header (which contains the destination URL) [...]

     

       "packet header"?  _IP_ packet header?  URL?  Where's the "URL" field
    in an _IP_ packet header?


          https://en.wikipedia.org/wiki/IPv4#Packet_structure


       "IP Address" and "URL" are spelled differently for a reason.

     

    > [...] is not encrypted, but only its content. Because if it were
    > encrypted, there would be no way for the upstream routers to identify
    > (i.e. read) the packets' destination, and route it accordingly.

     

       Eh?  All that's needed for routing is the destination IP address.
    The web browser can do a DNS look-up to determine that.  I see no need
    for an unencrypted URL to leave the web browser.

     

    > [...] the router should block the sites.


       As explained elsewhere ("many similar posts on the Netgear community
    forum" -- thanks for the helpful links), when HTTPS is used, the URL is
    encrypted when it passes through the router.  So, in fact, if the
    encryption is adequate, exactly the opposite is true.


       I claim.

3 Replies

  • Retired_Member

    Addition: I raised a Netgear support ticket over 2 weeks ago and I haven't received any reply from them, so, I decided to post it here on the community forum.

      • Retired_Member

        Okay. I think I mixed up an HTTP header (with the "Host" header) with a packet-header. So, the "URL filtering" in my previous router must be preventing the DNS lookup for the blocked domains.

         

        Thank you.
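
Added example, not part of the original thread and not Netgear's or Tenda's code: a sketch of what a keyword filter on the path can read in the three cases discussed above (the IPv4 header, a plaintext HTTP request with its "Host" header, an HTTPS record, and a DNS query). All packets, addresses, names and the keyword are constructed, and the DNS query is assumed to be sent unencrypted.

```python
import socket
import struct

KEYWORDS = ["blocked-example"]  # constructed keyword list

def build_packet(dst, dport, payload):
    """Constructed IPv4+TCP packet (checksums zeroed, no options)."""
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton(dst))
    return ip + tcp + payload

def filter_tcp(packet, keywords=KEYWORDS):
    """Return (dst_ip, verdict) using only what a router on the path can read."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    dst_ip = socket.inet_ntoa(packet[16:20])  # addresses only; no URL field exists
    tcp = packet[ihl:]
    payload = tcp[(tcp[12] >> 4) * 4:]        # skip the TCP header
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 3:
        return dst_ip, "opaque-tls"           # HTTPS: request line and Host are encrypted
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").lower()
    hit = any(k in head for k in keywords)    # plaintext HTTP: path and Host are readable
    return dst_ip, "blocked" if hit else "allowed"

def build_dns_query(name):
    """Constructed DNS query message for an A record."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def filter_dns(message, keywords=KEYWORDS):
    """Return (qname, verdict) read from the question section of a DNS query."""
    pos, parts = 12, []                       # question starts after the 12-byte header
    while message[pos]:
        parts.append(message[pos + 1:pos + 1 + message[pos]].decode("ascii"))
        pos += 1 + message[pos]
    qname = ".".join(parts).lower()
    return qname, "blocked" if any(k in qname for k in keywords) else "allowed"

# Constructed samples; the 32 bytes after the TLS record header stand in for ciphertext.
HTTP = build_packet("203.0.113.7", 80,
                    b"GET /news HTTP/1.1\r\nHost: www.blocked-example.test\r\n\r\n")
HTTPS = build_packet("203.0.113.7", 443, b"\x17\x03\x03\x00\x20" + bytes(range(32)))
DNS = build_dns_query("www.blocked-example.test")

if __name__ == "__main__":
    for label, result in (("http", filter_tcp(HTTP)), ("https", filter_tcp(HTTPS)),
                          ("dns", filter_dns(DNS))):
        print(label, result)
```
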