How to filter keywords and urls

umrico

Occasional Visitor
So for decades we have been able to filter websites and keywords with url filter and keyword filter.

Today I learned it doesn't work due to https/DoT/dnsfilter?

Is there any way to fix/workaround this without losing https/DoT/dnsfilter?

Objective is to block a kid from using Minecraft/Roblox/YouTube etc. during school hours.

Any help is much appreciated.

Using an AX-86U on the latest stable Merlin.

Thanks!
 
The only way I know of filtering URLs is by using a proxy server on your LAN. Even that has problems and limitations, for example apps that don't use URLs. So blocking by domain, while not perfect, is usually more effective.
 
If we're talking strictly about blocking URLs and keywords, that capability is, for all intents and purposes, DEAD due to the proliferation of https. All that remains is domain name blocking w/ DNS (provided it's traditional DNS (udp/tcp, port 53, in the clear)), or else blocking those domains (public IPs) w/ firewall rules. Something like the Diversion addon might be helpful too.

But just be forewarned. Every day the internet is working against you in this regard w/ the move towards greater privacy and security. On the one hand, it's useful. But for parental control purposes, it's a nightmare. You simply have two different requirements pulling in opposite directions, and parental controls are likely to be the loser over the long haul. In short, you're fighting a losing battle.

Btw, isn't it about time the URL/keyword features were removed from the GUI? It's just misleading to leave them in place. And yes, I know it's been "enhanced" to trap on DNS queries, but we already have solutions for dealing w/ DNS, and which are done explicitly. Even to the extent it works, you're right back to the same problem of encrypted DNS becoming the norm, just like https. Just seems to me we're trying to keep grandpa on life support when it's probably time to let him go (sorry grandpa).
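An added illustration of the DNS-based domain blocking discussed in the post above (not code from the thread, the router firmware or any addon): a filter can only match names it can read from a plaintext port 53 query, and anything it cannot parse, such as an encrypted-DNS connection, gives it nothing to match. The function names, blocklist and sample bytes are constructed for this example.

```python
import struct

# Constructed blocklist: an entry covers the domain itself and every subdomain.
BLOCKLIST = {"roblox.com", "minecraft.net", "youtube.com"}

def build_query(name, qtype=1):
    """Build a minimal plaintext DNS query payload (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = name.split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qname(payload):
    """Return the queried name from a UDP DNS query payload, or None if unreadable."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:      # a response, or not a single question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                      # ran off the end: truncated or not DNS
        length = payload[pos]
        if length == 0:
            break
        if length > 63:                      # pointers/reserved bits: not a plain label
            return None
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length:
            return None
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length
    return ".".join(labels)

def is_blocked(name):
    """Match on whole-label suffixes so 'notyoutube.com' does not hit 'youtube.com'."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def verdict(payload):
    name = parse_qname(payload)
    if name is None:
        return "unreadable"                  # the filter has no name to act on
    return "block" if is_blocked(name) else "allow"

# Constructed bytes shaped like a TLS application-data record, i.e. what an
# encrypted DNS connection looks like to an on-path device.
TLS_LIKE = b"\x17\x03\x03\x00\x40" + bytes(range(0x80, 0xC0))
```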
 
This is the current problem. On one side are the privacy-focused people who want to hide ALL traffic from prying eyes, and on the other side you have network administrators and parents who need to be able to monitor and manage traffic.

Once you implement DoH/DoT + ESNI, then traffic management becomes impossible for anything http-based. Both DNS queries and the HTTP headers will be obfuscated, and if the remote end is behind any kind of CDN, then it's game over.
 
I use a combination of Windows 10 Parental Controls (time limits, app control), Screen Time for iOS (time limits, app control) for his phone and NextDNS (CLI on the router, NextDNS signed profile on his phone). Just the fact that he knows I can see his online activity, even when he's away from home, makes him comply with the rules we drafted together. If he crosses a border, if needed, I block the domains for a day or so, but it barely comes that far.
 
I use the parental control of the router + OpenDNS. But if it fails. Whatever YouTube is, Twitch I limit the speed to the minimum to navigate.
 
Maybe this could help?


Otherwise maybe NextDNS is a solution to your issues.
 
