1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

How to block a URL ? Doesn't appear to be working

Discussion in 'Asuswrt-Merlin' started by cw-kid, Dec 19, 2018.

  1. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    Hello

    I want to block some Logitech Harmony domain names on my router.

    I have an Asus RT-AC68U with Merlin Firmware Version: 384.8_2

    I have gone in to the Firewall settings and URL Filter and Enabled it and set it to Blacklist.

    I have added the domain names without the http:// or https://

    As a test I also added playboyenterprises.com

    However in my web browsers I can still access that website, so why hasn't it been blocked ?

    Thanks
     
  2. PolarBear

    PolarBear Regular Contributor

    Joined:
    Apr 14, 2015
    Messages:
    144
    Location:
    North of the Alps
    I tried this a few weeks ago and found that (in your example) it will not work if you include the ".com".

    Just type in the name of the website without anything else.

    You may have to wait a few minutes for it to become active.

    (This is for RT-AC86U running Merlin 384.6 - presumably other models and versions are similar).
     
  3. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    Thank you very much! I will try that.
     
  4. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    960
    url blacklist doesn't work on HTTPS versions of websites so it is pretty pointless.
     
  5. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    These are the addresses I want to block. I don't know if they use Https.

    • svcs.myharmony.com
    • content.dhg.myharmony.com
    • logging.dhg.myharmony.com
    • myharmony.com
    • sus.dhg.myharmony.com
    Because recent Logitech Harmony firmware breaks Home Automation systems integration.
     
  6. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    I've taken the .com off the end so it's just:

    playboyenterprises

    However I can still access the website in the browser.

    I believe it's a http site so should be blocked
     
  7. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
  8. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    I've created a file called hosts.add and placed it in to the/ jffs/configs/ folder.

    Its contents are:

    127.0.0.1 svcs.myharmony.com
    127.0.0.1 content.dhg.myharmony.com
    127.0.0.1 logging.dhg.myharmony.com
    127.0.0.1 myharmony.com
    127.0.0.1 sus.dhg.myharmony.com

    And I rebooted the router.

    However I can still ping svcs.myharmony.com from my laptop and its not coming back with 127.0.0.1

    I flushed the DNS and Registered it again on the Windows 10 laptop

    Enable JFFS custom scripts and configs was already set to YES.

    If I look in the /etc folder and the host file in there, my entries have been added OK to the host file:

    127.0.0.1 localhost.localdomain localhost
    192.168.1.1 router.asus.com
    192.168.1.1 www.asusnetwork.net
    192.168.1.1 www.asusrouter.com
    192.168.1.1 RT-AC86U-BE20. RT-AC86U-BE20
    127.0.0.1 svcs.myharmony.com
    127.0.0.1 content.dhg.myharmony.com
    127.0.0.1 logging.dhg.myharmony.com
    127.0.0.1 myharmony.com
    127.0.0.1 sus.dhg.myharmony.com

    So why when I ping the myharmony domains does it still resolve to their public IP and not 127.0.0.1 ?

    If I go to the router Admin page and Network Tools and use the Ping function in there, if I ping svcs.myharmony.com it does resolve to 127.0.0.1.

    So have I blocked these domains or not? How will I know the Harmony hubs cannot access these domains ?

    I would expect my laptop to also return 127.0.0.1 its WIFI connection is DHCP and its only DNS server is the router.

    Rebooting the laptop makes no difference, my Windows server also is resolving their domain names to their public IPs and not 127.0.0.1.


    C:\WINDOWS\system32>ping svcs.myharmony.com

    Pinging prod-auto-lb-2-1658367766.us-east-1.elb.amazonaws.com [54.165.126.61] with 32 bytes of data:
    Reply from 54.165.126.61: bytes=32 time=95ms TTL=241
    Reply from 54.165.126.61: bytes=32 time=93ms TTL=241
    Reply from 54.165.126.61: bytes=32 time=95ms TTL=241
    Reply from 54.165.126.61: bytes=32 time=92ms TTL=241
     
    Last edited: Dec 19, 2018
  9. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    My first guess would be that your PC isn't using the router as its DNS server. Check it with "ipconfig /all".
     
  10. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    If I do an ipconfig /all under the Wifi adapter it says the DNS server is the local LAN IP of my router. Same on two PC's but they both still resolve the myharmony domains to their public IPs.
     
  11. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    Are you using DNSFilter or a VPN client on the router?

    What do you get from these commands on your PC:

    nslookup svcs.myharmony.com

    nslookup svcs.myharmony.com 192.168.1.1
     
  12. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    Colin

    Yes there is an OpenVPN Client running on the router.

    nslookup svcs.myharmony.com
    Server: UnKnown
    Address: 192.168.1.1

    Non-authoritative answer:
    Name: prod-auto-lb-2-1658367766.us-east-1.elb.amazonaws.com
    Addresses: 100.26.13.108
    54.165.126.61
    Aliases: svcs.myharmony.com

    nslookup svcs.myharmony.com 192.168.1.1
    Server: UnKnown
    Address: 192.168.1.1

    Non-authoritative answer:
    Name: prod-auto-lb-2-1658367766.us-east-1.elb.amazonaws.com
    Addresses: 54.165.126.61
    100.26.13.108
    Aliases: svcs.myharmony.com

    Thanks
     
  13. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    If I turn the VPN off on the router and ping it again it now says:

    ping svcs.myharmony.com
    Ping request could not find host svcs.myharmony.com. Please check the name and try again.

    There is no VPN client on the PC itself.
     
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    Do you have the VPN client setup so that the internet is unreachable when the VPN is not active? I believe that's an option, but I can't be more specific because I don't use the VPN client.
     
  15. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    Yes that option is turned on normally, its named "Block routed clients if tunnel goes down"

    But the VPN is always connected on the router. Well turned on at least.
     
  16. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    Doesn't seem to make a difference, if I set "Block routed clients if tunnel goes down" to NO and then turn the VPN back on the ping starts resolving the myharmony public IP again.

    So its something to do with the VPN why my host entries aren't working ?
     
  17. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    "Accept DNS Configuration" is set to exclusive on the VPN client, not sure if that might be related?
     
  18. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    If I change "Accept DNS Configuration" to Disabled and the VPN is on, now my PC cannot resolve the myharmony domain name.

    So it seems to be related to that setting. However I am not sure what that setting really means and I think the instructions of the VPN provider said to set it to Exclusive.
     
  19. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    I've raised a ticket with my VPN providers support, see what they say.
     
  20. cw-kid

    cw-kid Occasional Visitor

    Joined:
    Oct 24, 2018
    Messages:
    32
    I'd changed the host file to 0.0.0.0 as a test.

    I've just changed it back to 127.0.0.1

    And now when I ping the myharmony domains they resolve to 127.0.0.1

    With the VPN up but that "Accept DNS Configuration" setting set to Disabled.

    I guess either 0.0.0.0 or 127.0.0.1 will work and send it to a black hole.