Question Hardware to Whitelist by URL?

MaxWebXperienZ · Thursday at 3:47 PM

I had a Duolinks router that was easy to set up to whitelist a few url's but it got stolen. I bought a MicroTik but realized I don't want to learn to program it. I'm looking for a modern router that is not too difficult to set up to whitelist a dozen url's for a task-specific computer.

lantis3 · Thursday at 4:01 PM

Don't think you want to whitelist urls. There are too many urls or sites you have to allow to pass the router/firewall to make internet work.

You do have options. Setup a DIY pfsense firewall or Pi-Hole DNS. But you have to look at the logs to identify all additional sites you must whitelist in addition to the urls that you want to allow.

MaxWebXperienZ · Thursday at 4:55 PM

Thanks. pfsense would appeal to me but it runs on FreeBSD which was known to have backdoors from it's outset. I'll be happier when i can find a router that runs on it's internal low level program as in firmware. Have to think about the Pi-Hole DNS , it touts ad blocking which is not my concern.

I never encountered any problems with whitelisting just a few url's and blocking all else. I had two identical computers, one for surfing the internet, not whitelisted obviously, and the other whitelisted by a HotBrick router. The surfing one had problems of all sorts due to exposure to the general internet, the one behind the HotBrick never had a single problem. I discovered, however that if the power went out and came back up the HotBrick was wide open and needed some setting changed to get it to filter url's so yeah, not real easy to get where I want to be.

The windows firewall can be made to do what I want but I don't trust it, also it gets its settings changed with updates, secretly...

lantis3 · Thursday at 5:01 PM

You can try https://technitium.com/dns/ then, install right on the Windows machine you want to control.

open source, pi-hole like. I think it has better logging, however.

Of course you have to lock down control panel/settings to prevent dns settings being changed.

Oops, it looks like the technitium dns whitelist only removes the urls from the blacklist.

MaxWebXperienZ · Thursday at 5:22 PM

The docs mention block lists but not whitelists... I have one computer set aside purely to connect to one service and i know all the url's said service uses. I need to block the entire internet and pass only those url's. I did it before, my question is just to find a router that can do that.

kanewolf · Thursday at 5:26 PM

MaxWebXperienZ said:
The docs mention block lists but not whitelists... I have one computer set aside purely to connect to one service and i know all the url's said service uses. I need to block the entire internet and pass only those url's. I did it before, my question is just to find a router that can do that.

What about using the host file and not defining a DNS.

lantis3 · Thursday at 5:33 PM

kanewolf said:
What about using the host file and not defining a DNS.

👍 Hope the site won't change it's IP.

bill001g · Thursday at 6:33 PM

It is almost impossible to do this...unless you do it with the browser somehow.

There is no way to see the actual URL anymore because of HTTPS. You can partially do it if you setup a DNS server. Router used to filter DNS requests attempting to block things but this no longer works if you are using encrypted DNS...which is highly recommended and now supported by windows itself.

Even attempting to filter by IP address is not real good. Many sites share multiple addresses and tend to just come back to huge hosting centers like google/cloudflare etc.

lantis3 · Thursday at 8:07 PM

Found that Technitium DNS does have an Advanced Blocking APP though its DNS APP Store in its web interface, didn't try myself though.

Description:

Blocks domain names using block lists and regex block lists. Supports creating groups based on client's IP address or subnet to enforce different block lists and regex block lists for each group.

Note! This app works independent of the DNS server's built-in blocking feature. The options configured in DNS server Settings section does not apply to this app.

its example config file

JSON:

{
  "enableBlocking": true,
  "blockListUrlUpdateIntervalHours": 24,
  "localEndPointGroupMap": {
    "127.0.0.1": "bypass",
    "192.168.10.2:53": "bypass",
    "user1.dot.example.com": "kids",
    "user2.doh.example.com:443": "bypass"
  },
  "networkGroupMap": {
    "192.168.10.20": "kids",
    "0.0.0.0/0": "everyone",
    "[::]/0": "everyone"
  },
  "groups": [
    {
      "name": "everyone",
      "enableBlocking": true,
      "allowTxtBlockingReport": true,
      "blockAsNxDomain": true,
      "blockingAddresses": [
        "0.0.0.0",
        "::"
      ],
      "allowed": [],
      "blocked": [
        "example.com"
      ],
      "allowListUrls": [],
      "blockListUrls": [
        "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
      ],
      "allowedRegex": [],
      "blockedRegex": [
        "^ads\\."
      ],
      "regexAllowListUrls": [],
      "regexBlockListUrls": [],
      "adblockListUrls": []
    },
    {
      "name": "kids",
      "enableBlocking": true,
      "allowTxtBlockingReport": true,
      "blockAsNxDomain": true,
      "blockingAddresses": [
        "0.0.0.0",
        "::"
      ],
      "allowed": [],
      "blocked": [],
      "allowListUrls": [],
      "blockListUrls": [
        {
          "url": "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts",
          "blockAsNxDomain": false,
          "blockingAddresses": [
            "192.168.10.2"
          ]
        }
      ],
      "allowedRegex": [],
      "blockedRegex": [],
      "regexAllowListUrls": [],
      "regexBlockListUrls": [],
      "adblockListUrls": []
    },
    {
      "name": "bypass",
      "enableBlocking": true,
      "allowTxtBlockingReport": true,
      "blockAsNxDomain": true,
      "blockingAddresses": [
        "0.0.0.0",
        "::"
      ],
      "allowed": [],
      "blocked": [],
      "allowListUrls": [],
      "blockListUrls": [],
      "allowedRegex": [],
      "blockedRegex": [],
      "regexAllowListUrls": [],
      "regexBlockListUrls": [],
      "adblockListUrls": []
    }
  ]
}

lantis3 · Thursday at 8:34 PM

Well, found the answer for Technitium directly from author:

Someone asked the same question yesterday!

https://www.reddit.com/r/technitium/comments/1dusy1r/dns_block_all_except_approved/

Tested. I blocked everything with "*" and only allowed apple.com and cnn.com (click import in allowed tab and put the domains row by row ) and it worked!

nigelivey · Friday at 3:21 AM

MaxWebXperienZ said:
Thanks. pfsense would appeal to me but it runs on FreeBSD which was known to have backdoors from it's outset.

I think you are over egging this tbh. I would trust Pf over most router firmware as do millions of business customers.

Search

Question Hardware to Whitelist by URL?

MaxWebXperienZ

lantis3

Distinguished

MaxWebXperienZ

lantis3

Distinguished

MaxWebXperienZ

kanewolf

Titan

lantis3

Distinguished

bill001g

Titan

lantis3

Distinguished

lantis3

Distinguished

nigelivey

Splendid

TRENDING THREADS

Latest posts

Moderators online

Share this page