Solved AiProtection & URL Filter — am I using it wrong?

Sky

Regular Contributor
Greetings, All.

I am trying to figure out if I am just spinning my wheels, wasting time, and worse — wasting precious memory on my router, or if what I'm doing is actually worthwhile. I suspect I'm simply duplicating an already working system and maybe even causing it to be less efficient than designed.

AiProtection seems to be working well for us. I routinely check it and see many attacks thwarted. The log of those attacks reflects the originating IP addresses. Firewall > URL Filtering allows filtration by URL, but also by IP, including whole huge swaths. Filter an entire country? Sure!

So of course, I do. And I felt really, really good about it, until the list grew to about 35 IPs & ranges. Now I'm beginning to wonder just what I hath wrought. :confused:

Is there any benefit to entering some of these origin IPs into my URL Filtering list? Or is it just — silly?

Thanks for any input, for I am — and most probably always will be — still a noob.

Sky
 
URL Filtering is less effective nowadays with the proliferation of https. Things that are encrypted can’t be filtered. Only old-school http URLs can be filtered and those are now harder to find.
 
URL Filtering is less effective nowadays with the proliferation of https. Things that are encrypted can’t be filtered. Only old-school http URLs can be filtered and those are now harder to find.

So…

Does this mean: "Sky, you're using it wrong. If AiProtection is already seeing — and stopping — those IPs from attacking you as witnessed by the Two-Way IPS log, then there is no reason to populate the URL Filter with those same IPs or even IP ranges gleaned from reviewing the log. It's just a waste of your router's precious memory."
OR
Does it mean: "Using URL Filter to block IP ranges the way you're doing it will effectively supplement AiProtection and make your system more secure. But, using it for the individual IPs when AiProtection is already seeing them is a waste of router memory."
OR
Does it mean: "Say, that's a great idea! It should work really well — but be careful about blocking ranges. You can easily block entire countries, even continents."

Signed,
Confused Sky
 
Yes, you're using it wrong.:D (Sounds like an Apple excuse ;))

You are talking about two different things. The URL filter was never meant to be used as (and isn't) a form of firewall/IDS/anti-virus. It was designed as a crude way to block http requests to certain websites, e.g. perhaps your kids were spending too much time on http://lego.com ? As mentioned above, URL filtering is mostly ineffective nowadays because almost everything is using https.
 
Yes, you're using it wrong.:D (Sounds like an Apple excuse ;))

Excellent! Thank you for setting me on the right path. You wouldn't believe how much time I've wasted with this.

Thank you, thank, thank you!!
 
You can easily block entire countries, even continents.
Some deserve to be blocked :)

I got really frustrated one day with all the hits and attempts to exploit vulnerabilities in web sites (remote logins, ssh sessions, port scans, etc.). I wrote a script that would populate a database with the IPs of the offenders. Another program would analyse the data, consolidate it and, based on various rules, start blocking IPs, subnets, class D ranges, class C ranges, etc. It would track by date and allow a reprieve after 7 days (just trying to keep the IP table small). This table was then automatically refreshed and sent to iptables to do the blocking. Worked very well. But I live for this sort of thing. It was overkill defined.
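The loop described in the post above (collect offenders from logs, consolidate hosts into ranges by rule, expire entries after 7 days, push the result to iptables) is easy to sketch. What follows is an added example written for this page, not the poster's script, which is not on the page. The log lines are constructed, the thresholds, the `BLOCKLIST` chain name and the allowlist are assumptions, and the block prints iptables commands rather than running them so it can be reviewed first.

```python
"""Added example (not the poster's script): turn failed-login log lines into a
consolidated iptables drop list with escalation to /24 and a 7-day reprieve."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (ISO timestamps, sshd-style messages); not real data.
SAMPLE_LOG = """\
2024-03-10T01:02:03 sshd: Failed password for root from 203.0.113.10 port 4000
2024-03-10T01:02:09 sshd: Failed password for invalid user admin from 203.0.113.10 port 4001
2024-03-10T01:03:15 sshd: Failed password for root from 203.0.113.77 port 4010
2024-03-10T01:04:00 sshd: Failed password for root from 203.0.113.130 port 4020
2024-03-10T01:05:00 sshd: Failed password for root from 198.51.100.5 port 4030
2024-03-10T01:05:30 sshd: Failed password for root from 198.51.100.5 port 4031
2024-03-02T21:00:00 sshd: Failed password for root from 192.0.2.9 port 4040
2024-03-02T22:00:00 sshd: Failed password for root from 192.0.2.9 port 4041
"""

LINE_RE = re.compile(r"^(\S+) .*? from (\d+\.\d+\.\d+\.\d+) ")

REPRIEVE = timedelta(days=7)   # forget an offender after 7 days of silence
HOST_THRESHOLD = 2             # hits before a single host is dropped
SUBNET_THRESHOLD = 3           # distinct hosts in one /24 before the whole /24 is dropped
CHAIN = "BLOCKLIST"            # assumed name of a dedicated iptables chain


def parse_log(text):
    """Return (timestamp, ip) for every line that looks like a failed login."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)),
                           ipaddress.ip_address(m.group(2))))
    return events


def offenders(events, now):
    """Hit count per IP, dropping anything not seen within REPRIEVE of `now`."""
    stats = {}
    for ts, ip in events:
        count, last = stats.get(ip, (0, ts))
        stats[ip] = (count + 1, max(last, ts))
    return {ip: c for ip, (c, last) in stats.items() if now - last <= REPRIEVE}


def consolidate(stats, allowlist=()):
    """Escalate from single hosts to a /24 once enough distinct hosts in it
    misbehave, but never widen a block over (or drop a host inside) an
    allowlisted network; this is the guard against blocking more than intended."""
    allow = [ipaddress.ip_network(a) for a in allowlist]
    by_subnet = defaultdict(list)
    for ip in stats:
        by_subnet[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    blocks = set()
    for subnet, hosts in by_subnet.items():
        widen = (len(hosts) >= SUBNET_THRESHOLD
                 and not any(subnet.overlaps(a) for a in allow))
        if widen:
            blocks.add(subnet)
            continue
        for ip in hosts:
            if stats[ip] >= HOST_THRESHOLD and not any(ip in a for a in allow):
                blocks.add(ipaddress.ip_network(f"{ip}/32"))
    return sorted(blocks)


def blocked_cidrs(text, now_iso, allowlist=()):
    """Entry point: CIDR strings to drop, given the current time as ISO-8601."""
    now = datetime.fromisoformat(now_iso)
    return [str(n) for n in consolidate(offenders(parse_log(text), now), allowlist)]


def iptables_rules(blocks):
    """Idempotent command list: (re)create the chain, hook it into INPUT once,
    then add one DROP rule per consolidated block. Rerunning refreshes the table."""
    cmds = [
        f"iptables -N {CHAIN} 2>/dev/null || iptables -F {CHAIN}",
        f"iptables -C INPUT -j {CHAIN} 2>/dev/null || iptables -I INPUT 1 -j {CHAIN}",
    ]
    cmds += [f"iptables -A {CHAIN} -s {net} -j DROP" for net in blocks]
    return cmds


if __name__ == "__main__":
    for cmd in iptables_rules(blocked_cidrs(SAMPLE_LOG, "2024-03-10T12:00:00")):
        print(cmd)
```

Run it and pipe the output through `sh` from whatever firewall script your router runs at boot; because the chain is flushed and rebuilt each time, re-running it after the 7-day reprieve shrinks the table automatically. Once a list like this grows past a few hundred entries, an `ipset` hash matched by a single iptables rule is a better fit than one rule per range.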
 
Some deserve to be blocked :)


That's pretty much where I've been except your method is W-A-Y cooler! I would have totally done this if I'd had a clue how to write & implement it. I'd have called it Forrest and just let it run and run and run.

If they're not dead, it's not overkill. ;)
 
