• March 28, 2024, 04:30:30 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: How can I block sites accessed via SSL (https)  (Read 13410 times)

thoff

  • Level 1 Member
  • *
  • Posts: 4
How can I block sites accessed via SSL (https)
« on: September 15, 2009, 04:39:16 PM »

I have a DIR-655 and I've configured it to block specific websites for specific machines on my network.  This works fine EXCEPT when a site is accessed via SSL.  For example, accessing http://www.myblockedsite.com will return the router's "website blocked" page. But if I try accessing https://www.myblockedsite.com the router lets me right on thru.  :(

Hardware Version:A4
Firmware Version: 1.21, 2008/10/09

Access Control is configured...


Web Filter is configured...


I try to get to the forbidden site from the restricted PC and ...


works like a charm...


but... if I try https


router let's the site right on thru...  >:(


« Last Edit: September 15, 2009, 05:48:55 PM by thoff »
Logged

KevTech

  • Guest
Re: How can I block sites accessed via SSL (https)
« Reply #1 on: September 15, 2009, 05:34:07 PM »

I don't think there is any home class router that supports https blocking.
Logged

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: How can I block sites accessed via SSL (https)
« Reply #2 on: September 16, 2009, 10:23:10 AM »

you will have to block the port through port filtering. When you set port filtering to block port 443.

Port filtering was the only way I was able to successfully block torrent downloads, blocking all but the necessary ports used for web browsing and messenger communication.

If you want execptions to your blocked ports, after creating the blocked port rule create another rule and call it exception list and then choose only log web access and put your mac addresss in the field provided.
Logged

thoff

  • Level 1 Member
  • *
  • Posts: 4
Re: How can I block sites accessed via SSL (https)
« Reply #3 on: September 17, 2009, 10:39:30 AM »

Thanks @lotacus... port filtering on port 443 did the trick. 

At first I thought it was too much to block all SSL traffic but then I realized I could block SSL for a specific IP range.  A quick ping of optionsxpress.com revealed the ip address and I just blocked the whole class-c subnet.






Logged

Dalaohu

  • Level 1 Member
  • *
  • Posts: 1
Re: How can I block sites accessed via SSL (https) - DIR-867
« Reply #4 on: April 22, 2020, 07:07:17 PM »

I have found a workaround by using Firewall on the IPV4 rules that just blocks out the intended websites IP address range.
and can be customized to block out only a pre-set scheduled time frame.
quite nice.
this is for DIR-867 router

the website filter only works on 80 port.
443 port can't be blocked since the site info is encrypted.

so firewall solution is the alternative way to go.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How can I block sites accessed via SSL (https) - DIR-867
« Reply #5 on: April 22, 2020, 09:40:09 PM »

Is with in the UI of your 867 router or you you have a external firewall appliance device in front of your 867?

Thanks for posting. I'm sure after 11 years people have moved on though.

I have found a workaround by using Firewall on the IPV4 rules that just blocks out the intended websites IP address range.
and can be customized to block out only a pre-set scheduled time frame.
quite nice.
this is for DIR-867 router

the website filter only works on 80 port.
443 port can't be blocked since the site info is encrypted.

so firewall solution is the alternative way to go.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.