D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: thoff on September 15, 2009, 04:39:16 PM
-
I have a DIR-655 and I've configured it to block specific websites for specific machines on my network. This works fine EXCEPT when a site is accessed via SSL. For example, accessing http://www.myblockedsite.com will return the router's "website blocked" page. But if I try accessing https://www.myblockedsite.com the router lets me right on thru. :(
Hardware Version:A4
Firmware Version: 1.21, 2008/10/09
Access Control is configured...
(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_AccCtrl.JPG)
Web Filter is configured...
(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_WebFltr.JPG)
I try to get to the forbidden site from the restricted PC and ...
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_blocked1.jpg)
works like a charm...
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_blocked2.jpg)
but... if I try https
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_not_blocked1.jpg)
router let's the site right on thru... >:(
(http://melrosetech.homeip.net:1812/Shared_Images/firefox_not_blocked2.jpg)
-
I don't think there is any home class router that supports https blocking.
-
you will have to block the port through port filtering. When you set port filtering to block port 443.
Port filtering was the only way I was able to successfully block torrent downloads, blocking all but the necessary ports used for web browsing and messenger communication.
If you want execptions to your blocked ports, after creating the blocked port rule create another rule and call it exception list and then choose only log web access and put your mac addresss in the field provided.
-
Thanks @lotacus... port filtering on port 443 did the trick.
At first I thought it was too much to block all SSL traffic but then I realized I could block SSL for a specific IP range. A quick ping of optionsxpress.com revealed the ip address and I just blocked the whole class-c subnet.
(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_WebFltr_PortFltr.JPG)
(http://melrosetech.homeip.net:1812/Shared_Images/DIR-655_ADV_WebFltr_PortFltr2.JPG)
-
I have found a workaround by using Firewall on the IPV4 rules that just blocks out the intended websites IP address range.
and can be customized to block out only a pre-set scheduled time frame.
quite nice.
this is for DIR-867 router
the website filter only works on 80 port.
443 port can't be blocked since the site info is encrypted.
so firewall solution is the alternative way to go.
-
Is with in the UI of your 867 router or you you have a external firewall appliance device in front of your 867?
Thanks for posting. I'm sure after 11 years people have moved on though.
I have found a workaround by using Firewall on the IPV4 rules that just blocks out the intended websites IP address range.
and can be customized to block out only a pre-set scheduled time frame.
quite nice.
this is for DIR-867 router
the website filter only works on 80 port.
443 port can't be blocked since the site info is encrypted.
so firewall solution is the alternative way to go.