PC filtering works fine but not smartphone

Comments

17 comments

  • Avatar
    rotblitz

    Visit http://welcome.opendns.com/ on the smartphone, especially with UC,  to see if it uses OpenDNS at all.  If not, you'll indeed not receiving filtering.

    One reason for not using OpenDNS may be that the internet connection is via mobile provider, not via your router's WLAN.  Another reason, not sure what UC is, but it may use its own DNS, not OpenDNS as configured on the router for your network.

    0
    Comment actions Permalink
  • Avatar
    fenton79
    Thanks for the reply. Indeed I get a red X when using UC Browser, but not any of the other android browsers I have downloaded and tested. I have disabled mobile data so it can only be using my router's WLAN. Do you know how I can find out on a phone whether a browser app uses its own DNS? I didn't realise that was possible when it is going through my router that I have configured to use OpenDNS.

    The browser is simply called "UC Browser", and the same happens with "UC Browser mini".
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Indeed I get a red X when using UC Browser"

    Ok, then one of my assumptions holds true, this UC browser uses its own DNS, not the one configured by you. :(

    As I said, I don't know this UC browser, but if you don't like it, because it uses its own DNS, circumventing your network settings, don't use it.  You may also be able to block the domain from where it can be downloaded.

    "Do you know how I can find out on a phone whether a browser app uses its own DNS?"

    Same as you did with the UC browser - you visit http://welcome.opendns.com/ with it.

    "I didn't realise that was possible when it is going through my router that I have configured to use OpenDNS."

    This is possible with every device if you configure a non-OpenDNS DNS service on it.  You may be able to block port 53 passthrough on the router or to redirect all port 53 traffic on the router to OpenDNS.  That would be a very efficient measure to stop using alternative DNS services, different from what you configured.  Using browsers like the UC browser for OpenDNS circumvention would render useless then.

    0
    Comment actions Permalink
  • Avatar
    fenton79

    Redirecting port 53 traffic sounds the way forward - I am poking around on my router page with no success yet in working out how to do that. Since I don't have a great understanding of networking and ports etc I managed to break my connection to the internet completely and had to hard reset the router and then configure it with Open DNS all over again... Do you have any specific instructions for redirecting port 53 traffic? I use a Technicolour TG582N which I had to telnet to to configure OpenDNS. Thanks for your help.

    0
    Comment actions Permalink
  • Avatar
    fenton79

    I tried to create a firewall rule by following instructions here (http://npr.me.uk/webfilter.html) and I attach the one I created which, according to the link, should work. However, the UC browser somehow still does not go through OpenDNS. Is the attached firewall rule equivalent to blocking port 53? I can't see how to do that on my router...




    Firewall.jpg
    0
    Comment actions Permalink
  • Avatar
    Daniel Cheung

    Hello fenton79,

    It doesn't look like there's a way to alter the DNS settings from UC Browser (I'm checking on the Android version of it). However, it looks like UC Browser uses some form of proxying for their service, which would alter how DNS requests are made even if you're using OpenDNS on your wifi settings. You can run a proxy test at http://www.lagado.com/proxy-test to see the results of what I am referring to.

    Disabling the "Cloud Boost" function should disable this proxying. Can you give this a try?

     

    0
    Comment actions Permalink
  • Avatar
    fenton79
    Yes indeed your test shows proxying in use, and I cannot disable it with the UC Mini that I am currently testing. However, my goal is not to change things via each app but have the router do all the work. Is there a way of configuring the router to block proxy servers?
    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Your router might be able to block that kind of thing, but how to do that is beyond the scope of this forum. You'd need to visit the support site for your forum.

    Why not just use a browser that doesn't engage in this kind of behavior if you cant turn it off?

    0
    Comment actions Permalink
  • Avatar
    fenton79
    The point of setting this up is home security and specifically giving me confidence that porn is blocked from the house. The problem with your suggestion is that anyone could simply choose to bypass the filtering by either using a browser with a built in proxy or setting up their own proxy. I am not savvy enough to know how to make that route impossible, or even whether router's can do what I am looking for.
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    As mattwilson9090 said, your best bet is to check your router's manual or refer to your router's support to see what possibilities are there.
    As you didn't say what exact router model you have, nobody here can help anyway.

    0
    Comment actions Permalink
  • Avatar
    fenton79

    It is a Technicolour TG582n. I am trying to search for suitable support for the router itself alongside this thread - could you answer whether in principle it would be possible to configure a router (I realise it will be different for each one) to block all attempts to bypass OpenDNS by using proxy servers (such as those built in to UC Browser and it seems Opera as well)? 

    I may have understood this wrong, but doesn't the traffic from the web browser on the smart phone have to go through the router before it can reach the proxy server? So the router should be able to stop it if it can recognise what is happening? Thanks again all for help, I am learning heaps by having to tackle all this...

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    A Technicolor router?  There are excellent hints and instructions at http://npr.me.uk/
    Especially http://npr.me.uk/webfilter.html is for OpenDNS use which you already mentioned above.

    "doesn't the traffic from the web browser on the smart phone have to go through the router before it can reach the proxy server?"

    Yes, of course.

    "So the router should be able to stop it if it can recognise what is happening?"

    If the browser is using a proxy, you may not be able to block it on the router, because it may share the same HTTP/HTTPS traffic and ports with the other web traffic.  But you may be able to block it even with OpenDNS.  You must find out the domain name of the related proxy server (this most likely will even appear in your OpenDNS domain stats!), and then add this domain name(s) to your "always block" list.  That would block the related browser efficiently from using a proxy.

    If the browser proxy uses a non-standard port (different from 80 and 443 and other standard ports), you will be able to block this port outgoing on the router, because the router is then able to "recognise" it.

    0
    Comment actions Permalink
  • Avatar
    elhuevon

    Not to hijak but what about chrome browser for mobile?  Anyone know why it suddenly isn't being blocked on wifi?  It was blocked just two days ago and now nothing is blocked.   Is it also using a proxy or a different port?

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Well, since you did decide to hijack the thread with something else, did you work through the discussion and troubleshooting methods the OP did?

    0
    Comment actions Permalink
  • Avatar
    elhuevon

    Made sure i was on wifi not 4g. Tried static vs dhcp.  My netgear wndr 3700v2 does't have anyway to do fire wall rules. 
    UPDATE: android chrome has a data saver feature that uses a web proxy.  Disableing data saver makes it work as intended or add compress.googlezip.net to a block list or ensure that the category Proxies/Anonymizers is blocked.

    https://support.opendns.com/entries/63776220-Chrome-for-Mobile-and-OpenDNS-Inconsistency-with-block-pages

     

    Off to try adding compress.googlezip.net to my block list.

    0
    Comment actions Permalink
  • Avatar
    s_o

    I am facing same issue.. want to block on every device through DNS settings on my router. But UC Browser can still access all blocked content, and I can't go to all users and uninstall / stop them using UC Browser. 

    Anyway to find what proxy UC browsers uses and block that or something like that?

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    Your message is a duplicate of this thread from you.

    If you want to block access from the UC Browser app to UC's proxy and other servers, then you'll want to blacklist at least the following domains at your OpenDNS dashboard:

    • ucweb.com
    • amap.com
    • alibaba.com
    • umengcloud.com
    • uc.cn
    • sm.cn
    • umeng.cloud

    (The domain information derived from this article.)

    You may detect more UC Browser related domains at
    https://dashboard.opendns.com/stats/all/topdomains

    0
    Comment actions Permalink

Please sign in to leave a comment.