How to block a URL ? Doesn't appear to be working

[cw-kid]

Hello

I want to block some Logitech Harmony domain names on my router.

I have an Asus RT-AC68U with Merlin Firmware Version: 384.8_2

I have gone in to the Firewall settings and URL Filter and Enabled it and set it to Blacklist.

I have added the domain names without the http:// or https://

As a test I also added playboyenterprises.com

However in my web browsers I can still access that website, so why hasn't it been blocked ?

Thanks

 

[PolarBear]

Hello

I want to block some Logitech Harmony domain names on my router.

I have an Asus RT-AC68U with Merlin Firmware Version: 384.8_2

I have gone in to the Firewall settings and URL Filter and Enabled it and set it to Blacklist.

I have added the domain names without the http:// or https://

As a test I also added playboyenterprises.com

However in my web browsers I can still access that website, so why hasn't it been blocked ?

Thanks

I tried this a few weeks ago and found that (in your example) it will not work if you include the ".com".

Just type in the name of the website without anything else.

You may have to wait a few minutes for it to become active.

(This is for RT-AC86U running Merlin 384.6 - presumably other models and versions are similar).

 

[cw-kid]

Thank you very much! I will try that.

 

[FreshJR]

url blacklist doesn't work on HTTPS versions of websites so it is pretty pointless.

 

[cw-kid]

These are the addresses I want to block. I don't know if they use Https.

• svcs.myharmony.com
• content.dhg.myharmony.com
• logging.dhg.myharmony.com
• myharmony.com
• sus.dhg.myharmony.com

Because recent Logitech Harmony firmware breaks Home Automation systems integration.

 

[cw-kid]

I've taken the .com off the end so it's just:

playboyenterprises

However I can still access the website in the browser.

I believe it's a http site so should be blocked

 

[cw-kid]

Same question here: https://www.snbforums.com/threads/block-domains-websites.50513/

Sounds like I need a host file with the jffs partition and point those domain names to 0.0.0.0

Need to work out how to do that now.

 

[cw-kid]

I've created a file called hosts.add and placed it in to the/ jffs/configs/ folder.

Its contents are:

127.0.0.1 svcs.myharmony.com
127.0.0.1 content.dhg.myharmony.com
127.0.0.1 logging.dhg.myharmony.com
127.0.0.1 myharmony.com
127.0.0.1 sus.dhg.myharmony.com

And I rebooted the router.

However I can still ping svcs.myharmony.com from my laptop and its not coming back with 127.0.0.1

I flushed the DNS and Registered it again on the Windows 10 laptop

Enable JFFS custom scripts and configs was already set to YES.

If I look in the /etc folder and the host file in there, my entries have been added OK to the host file:

127.0.0.1 localhost.localdomain localhost
192.168.1.1 router.asus.com
192.168.1.1 www.asusnetwork.net
192.168.1.1 www.asusrouter.com
192.168.1.1 RT-AC86U-BE20. RT-AC86U-BE20
127.0.0.1 svcs.myharmony.com
127.0.0.1 content.dhg.myharmony.com
127.0.0.1 logging.dhg.myharmony.com
127.0.0.1 myharmony.com
127.0.0.1 sus.dhg.myharmony.com

So why when I ping the myharmony domains does it still resolve to their public IP and not 127.0.0.1 ?

If I go to the router Admin page and Network Tools and use the Ping function in there, if I ping svcs.myharmony.com it does resolve to 127.0.0.1.

So have I blocked these domains or not? How will I know the Harmony hubs cannot access these domains ?

I would expect my laptop to also return 127.0.0.1 its WIFI connection is DHCP and its only DNS server is the router.

Rebooting the laptop makes no difference, my Windows server also is resolving their domain names to their public IPs and not 127.0.0.1.


C:\WINDOWS\system32>ping svcs.myharmony.com

Pinging prod-auto-lb-2-1658367766.us-east-1.elb.amazonaws.com [54.165.126.61] with 32 bytes of data:
Reply from 54.165.126.61: bytes=32 time=95ms TTL=241
Reply from 54.165.126.61: bytes=32 time=93ms TTL=241
Reply from 54.165.126.61: bytes=32 time=95ms TTL=241
Reply from 54.165.126.61: bytes=32 time=92ms TTL=241

 

[ColinTaylor]

My first guess would be that your PC isn't using the router as its DNS server. Check it with "ipconfig /all".

 

[cw-kid]

If I do an ipconfig /all under the Wifi adapter it says the DNS server is the local LAN IP of my router. Same on two PC's but they both still resolve the myharmony domains to their public IPs.

 

[ColinTaylor]

Are you using DNSFilter or a VPN client on the router?

What do you get from these commands on your PC:

nslookup svcs.myharmony.com

nslookup svcs.myharmony.com 192.168.1.1

 

[cw-kid]

Colin

Yes there is an OpenVPN Client running on the router.

nslookup svcs.myharmony.com
Server: UnKnown
Address: 192.168.1.1

Non-authoritative answer:
Name: prod-auto-lb-2-1658367766.us-east-1.elb.amazonaws.com
Addresses: 100.26.13.108
54.165.126.61
Aliases: svcs.myharmony.com

nslookup svcs.myharmony.com 192.168.1.1
Server: UnKnown
Address: 192.168.1.1

Non-authoritative answer:
Name: prod-auto-lb-2-1658367766.us-east-1.elb.amazonaws.com
Addresses: 54.165.126.61
100.26.13.108
Aliases: svcs.myharmony.com

Thanks

 

[cw-kid]

If I turn the VPN off on the router and ping it again it now says:

ping svcs.myharmony.com
Ping request could not find host svcs.myharmony.com. Please check the name and try again.

There is no VPN client on the PC itself.

 

[ColinTaylor]

Do you have the VPN client setup so that the internet is unreachable when the VPN is not active? I believe that's an option, but I can't be more specific because I don't use the VPN client.

 

[cw-kid]

Yes that option is turned on normally, its named "Block routed clients if tunnel goes down"

But the VPN is always connected on the router. Well turned on at least.

 

[cw-kid]

Doesn't seem to make a difference, if I set "Block routed clients if tunnel goes down" to NO and then turn the VPN back on the ping starts resolving the myharmony public IP again.

So its something to do with the VPN why my host entries aren't working ?

 

[cw-kid]

"Accept DNS Configuration" is set to exclusive on the VPN client, not sure if that might be related?

 

[cw-kid]

If I change "Accept DNS Configuration" to Disabled and the VPN is on, now my PC cannot resolve the myharmony domain name.

So it seems to be related to that setting. However I am not sure what that setting really means and I think the instructions of the VPN provider said to set it to Exclusive.

 

[cw-kid]

I've raised a ticket with my VPN providers support, see what they say.

 

[cw-kid]

I'd changed the host file to 0.0.0.0 as a test.

I've just changed it back to 127.0.0.1

And now when I ping the myharmony domains they resolve to 127.0.0.1

With the VPN up but that "Accept DNS Configuration" setting set to Disabled.

I guess either 0.0.0.0 or 127.0.0.1 will work and send it to a black hole.