D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: thoff on September 15, 2009, 04:39:16 PM

Title: How can I block sites accessed via SSL (https)
Post by: thoff on September 15, 2009, 04:39:16 PM
I have a DIR-655 and I've configured it to block specific websites for specific machines on my network.  This works fine EXCEPT when a site is accessed via SSL.  For example, accessing http://www.myblockedsite.com will return the router's "website blocked" page. But if I try accessing https://www.myblockedsite.com the router lets me right on thru.  :(

Hardware Version:A4
Firmware Version: 1.21, 2008/10/09

Access Control is configured...
(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_AccCtrl.JPG)

Web Filter is configured...
(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_WebFltr.JPG)

I try to get to the forbidden site from the restricted PC and ...
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_blocked1.jpg)

works like a charm...
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_blocked2.jpg)

but... if I try https
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_not_blocked1.jpg)

router lets the site right on thru...  >:(
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_not_blocked2.jpg)

Title: Re: How can I block sites accessed via SSL (https)
Post by: KevTech on September 15, 2009, 05:34:07 PM
I don't think there is any home class router that supports https blocking.

Title: Re: How can I block sites accessed via SSL (https)
Post by: lotacus on September 16, 2009, 10:23:10 AM
You will have to block the port through port filtering: set port filtering to block port 443.

Port filtering was the only way I was able to successfully block torrent downloads, blocking all but the necessary ports used for web browsing and messenger communication.

If you want exceptions to your blocked ports, after creating the blocked port rule, create another rule and call it exception list, then choose only log web access and put your MAC address in the field provided.

Title: Re: How can I block sites accessed via SSL (https)
Post by: thoff on September 17, 2009, 10:39:30 AM
Thanks @lotacus... port filtering on port 443 did the trick. 

At first I thought it was too much to block all SSL traffic, but then I realized I could block SSL for a specific IP range.  A quick ping of optionsxpress.com revealed the IP address and I just blocked the whole class-C subnet.

(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_WebFltr_PortFltr.JPG)


(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_WebFltr_PortFltr2.JPG)

Title: Re: How can I block sites accessed via SSL (https) - DIR-867
Post by: Dalaohu on April 22, 2020, 07:07:17 PM
I have found a workaround by using Firewall on the IPv4 rules that just blocks out the intended website's IP address range,
and it can be customized to block out only a pre-set scheduled time frame.
Quite nice.
This is for the DIR-867 router.

The website filter only works on port 80.
Port 443 can't be blocked since the site info is encrypted.

So the firewall solution is the alternative way to go.
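
The IP-range port filter described in the posts above, as an added example that is not part of any post in this thread: it turns the IPv4 addresses a hostname resolves to into start/end ranges for a port 443 filter rule and reports addresses that existing ranges no longer cover, which is how an IP-based block goes stale when a site moves. The function names, the /24 default and the sample addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the sorted set of IPv4 addresses DNS currently gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.ip_address)


def port_filter_ranges(addresses, prefix=24):
    """Group addresses by covering /prefix network and return one
    (start_ip, end_ip, members) tuple per network, the start/end form
    a router port-filter rule is usually entered in."""
    groups = {}
    for addr in addresses:
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups.setdefault(net, []).append(addr)
    return [
        (str(net.network_address), str(net.broadcast_address),
         sorted(groups[net], key=ipaddress.ip_address))
        for net in sorted(groups)
    ]


def uncovered(addresses, ranges):
    """Return the addresses that fall outside every configured range."""
    missing = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ipaddress.ip_address(start) <= ip <= ipaddress.ip_address(end)
                   for start, end, *_ in ranges):
            missing.append(addr)
    return missing


if __name__ == "__main__":
    # Constructed sample answers standing in for
    # resolve_ipv4("www.myblockedsite.com") so the example runs offline.
    sample = ["192.0.2.10", "192.0.2.77", "198.51.100.5"]
    rules = port_filter_ranges(sample)
    for start, end, members in rules:
        print(f"block TCP 443 to {start} - {end}  (seen: {', '.join(members)})")
    # A later lookup returns one address outside the configured ranges.
    later = sample + ["203.0.113.9"]
    print("not covered by current rules:", uncovered(later, rules))
```

A single ping shows only one of the addresses a site may use, and a /24 can also contain unrelated sites, so comparing fresh lookups against the configured ranges from time to time shows when the rule needs updating.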

Title: Re: How can I block sites accessed via SSL (https) - DIR-867
Post by: FurryNutz on April 22, 2020, 09:40:09 PM
Is this within the UI of your 867 router, or do you have an external firewall appliance device in front of your 867?

Thanks for posting. I'm sure after 11 years people have moved on though.