help with blocking https site

Comments

14 comments

  • Avatar
    rotblitz

    There are no such things like a "https DNS addresses".  DNS doesn't know about HTTPS, just about domain names and their IP addresses.

    That said, if you block youtube.com, then both, http://*.youtube.com/ and https://*.youtube.com/ are blocked.

    -2
    Comment actions Permalink
  • Avatar
    zamm

    My Netgear router will not block https addresses..  "As per NETGEAR engineering, no home class routers support https blocking".

    I wanted to block this site through the router to utilise the time block feature. I cannot because of this issue with Netgear.

    Other blocking avenues I have looked into will block the site but block it all the time (by placing it on a blacklist).  I would like the time block feature.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    But as I understand it, Netgear routes with Live Parental Controls*) enabled allow for time-based settings.  So you can achieve what you want unless you want the HTTP site accessible and the HTTPS site blocked.

    http://netgear.com/LPC#four

    *)  LPC powered by OpenDNS

    -1
    Comment actions Permalink
  • Avatar
    zamm

    The LPC does have time-based settings but only when it comes to blocking categories.  If I block the category that youtube is included in, lots of other sites will be blocked as well.  LPC does have a blacklist option but that is not on a schedule.  Yes, I know I can white list sites that would be included in the category with youtube but the only one I want blocked is youtube.  How could I white list everything else. It's just not practical.

    The bottom line is that there is only one video site I want blocked (https:\\www.youtube) and want it on a schedule.  I cannot accomplish this with LPC or Open DNS. Why is something this simple so hard to accomplish?

    0
    Comment actions Permalink
  • Avatar
    zamm

    ...forgot to add, I want both http and https blocked. not one or the other.

    0
    Comment actions Permalink
  • Avatar
    skhanal

    I was going crazy about blocking youtube. Https is not blocked while http is. Router is supposed to block by keywords, opendns is too restrictive for me. Video sharing blocks amazon video as well.

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    There's no reason to go crazy about blocking YouTube.  If you want to block just YouTube with OpenDNS, then add youtube.com and ytimg.com to your "always block" list.  This blocks HTTP and HTTPS and every other protocol.

    "opendns is too restrictive for me."

    That's you, or better your OpenDNS settings, not OpenDNS.  OpenDNS doesn't block anything by default except phishing and some malware domains.

    0
    Comment actions Permalink
  • Avatar
    skhanal

    Rotbitz,

    Thanks for responding, however blocking does not work for me. I have added youtube.com, youtube, www.youtube.com as keywords to block. If I go to http://www.youtube.com it is blocked, but If I do https://www.youtube.com then it is open. Blocking is "supposed" to block irrespective of http or https but it does not.

    Regarding opendns, the categories is video sharing to block youtube. It does that but it prevents me from using Amazon Instant Video. I don't consider Amazon Instant Video as video sharing, but OpenDNS does.

    0
    Comment actions Permalink
  • Avatar
    Anthony Honciano

    As rotblitz mentioned earlier, the filter should block both http and https youtube.com. The resolvers will only recognize the domain name and associate it to an IP address. When you approach the time when youtube.com should be blocked, flush your browser and DNS cache by following the instructions below, then try accessing youtube.com.

    http://www.opendns.com/support/article/67
    http://www.opendns.com/support/article/68

    If this doesn't work, I would recommend disabling the LPC from your computer and use the manual method of configuring OpenDNS and record your traffic via the Stats and Logs feature. This will help us test your network with the content filters as you try both http and https of youtube.com. Please visit https://store.opendns.com/setup/router to help you set up your router with OpenDNS.

    Once you have your IP address registered in your dashboard at https://dashboard.opendns.com/settings, you will need to click into your network and click Stats and Logs and enable the feature. Please allow 24 hours for the system to collect the data; during that time visit the domain youtube.com using both http and https

    Let us know if you have any questions.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Also...

    "I have added youtube.com, youtube, www.youtube.com as keywords to block."

    Where did you add those, at the OpenDNS website or in your router?  We can't speak for your router, but for OpenDNS youtube.com already covers www.youtube.com and any other subdomains, and youtube is not a valid domain name, so cannot be entered into the OpenDNS blacklist or whitelist.

    If you entered those terms into your router as keywords to be blocked, then it may well be that your router does not block HTTPS, but HTTP.  This would be unrelated to OpenDNS.  As you said: "My Netgear router will not block https addresses..  "As per NETGEAR engineering, no home class routers support https blocking"."  But OpenDNS does!  So OpenDNS is the way to go if you want to block also HTTPS sites.

    "Regarding opendns, the categories is video sharing to block youtube. It does that but it prevents me from using Amazon Instant Video."

    Then simply don't block the video sharing category, but, as I said, add only youtube.com and ytimg.com to the OpenDNS "always block" list.  You're done then.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Sorry, this ""My Netgear router will not block https addresses..  "As per NETGEAR engineering, no home class routers support https blocking"." was not your quote, but somebody else's.  No matter, this seems to be the fact.

    0
    Comment actions Permalink
  • Avatar
    Anthony Honciano

    skhanal, I was able to look into your dashboard, and it seems that the domains were not added to your block/allow lists via http://netgear.opendns.com. Please clarify with us where the domains were added to block on your network? Please use the steps at http://www.take-a-screenshot.org to take a screenshot where you configured the domains for your network.

    0
    Comment actions Permalink
  • Avatar
    skhanal

    I was trying to do it from router, as you said it does not work. So I will drop that.

    In opendns, I don't see a place to edit "always block list". I only see filtering levels like. Where can I add specific sites?

     

    Filtering Level

    High

    Protects against all adult-related sites, illegal activity, social networking sites, video sharing sites, and general time-wasters.

    27 out of 60 categories in this group - View - Customize

    Moderate

    Protects against all adult-related sites and illegal activity.

    14 out of 60 categories in this group - View - Customize

    Low

    Protects against pornography and phishing.

    5 out of 60 categories in this group - View - Customize

    Minimal

    Protects against phishing attacks.

    1 out of 60 categories in this group - View - Customize

    None

    Nothing blocked.

    Custom

    Only categories you select are blocked.

    0
    Comment actions Permalink
  • Avatar
    skhanal

    I found it in Account settings, please ignore my previous post. Thank you for your help.

    0
    Comment actions Permalink

Post is closed for comments.