How to allow or block web sites on the router


    The pcWRT router gives a lot of flexibility for configuring allowed or blocked web sites. You can allow or block a URL, a subdomain, a domain, a certain port on a domain, a port, or a port for a specific protocol.

    1. URL Filter Mode

      For URL Filter Mode, you can choose “Black List” or “White List”.

      If you choose “Black List“, the domains or URLs listed in the “Blocked URLs” box will be blocked. Everything else is allowed. In general, you don’t need to list the domains or URLs you want to allow in the “Allowed URLs” box.

      The exception is a domain blocked by the DNS service you choose (for example, OpenDNS). To block such a domain, there’s no need to enter it into the “Blocked URLs” box. But to allow a domain blocked by DNS, you do need to enter it in the “Allowed URLs” box to override the DNS block.

      If you choose “White List“, only the domains or URLs listed in the “Allowed URLs” box will be allowed. There’s no need to enter a domain or URL in the “Blocked URLs” box in order to block it, unless you want to block a subset of what’s listed in the “Allowed URLs” box.

    2. What to enter in Blocked URLs or Allowed URLs

      You can enter the following things in the “Allowed URLs” or “Blocked URLs” box, one entry per line.

      • A domain name, such as: www.google.com. This will allow/deny access to www.google.com for all ports.
      • An upper level domain name, such as google.com. This will allow/deny all Google domains, including www.google.com, docs.google.com, m.google.com etc.
      • A top level domain name, such as com. This will allow/deny all domains under .com, such as google.com, bing.com, cnn.com, facebook.com, etc.
      • A URL, such as http://www.yahoo.com. This will allow/deny www.yahoo.com over HTTP only. It will not affect other protocols such as HTTPS (i.e., https://www.yahoo.com).
      • A URL with a path, such as http://www.yahoo.com/block/this/path. This will allow/deny the specified path on http://www.yahoo.com only. It has no effect on other paths on www.yahoo.com, or other protocols such as HTTPS. Because the path is encrypted for HTTPS, entering a path with HTTPS has no effect, i.e., the router will behave as if the entry does not exist.
      • A domain name with a port, such as m.google.com:80. This will allow/deny access to m.google.com on port 80, for both TCP and UDP.
      • A domain name with a port and protocol, such as time.windows.com:123U. This will allow/deny access to time.windows.com on UDP port 123. Or, if you enter time.windows.com:123T, then it will allow/deny time.windows.com on TCP port 123.
      • If you want to allow/deny connection over a certain port, but do not want to specify a specific domain, then you can enter the port only. For example, :123U will allow/deny UDP port 123, :23T will allow/deny TCP port 23, :53 will allow/deny port 53 on both TCP and UDP.

    3. How is block or allow determined?

      When a client device requests a URL, the router goes through the entries in both Allowed URLs and Blocked URLs to find the most specific match, and then determines whether to allow or deny access based on the URL Filter Mode. These are the rules:

      • The more specific entry wins over a less specific entry. For example, suppose you entered www.yahoo.com in Allowed URLs, but https://www.yahoo.com in Blocked URLs. When a device requests https://www.yahoo.com, it is blocked. But if http://www.yahoo.com is requested, it is allowed, because the more specific entry does not match.
      • Port takes precedence over domain. For example, suppose you entered www.google.com in Allowed URLs, but :80 in Blocked URLs. When a client requests http://www.google.com, it will be blocked, because both entries match and the port entry takes precedence. But if a client requests https://www.google.com, it will be allowed because the port rule no longer matches.
      • Blocked URLs override Allowed URLs. You’ll never enter the same entry into both boxes, so one will always win over the other by being more specific or having higher precedence. But in case you have identical entries in both, the Blocked URLs entries override the Allowed URLs entries.
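
The three rules above, worked through as an added Python example (not pcWRT's own code) that can be used to check a rule set before entering it. The ordering in `rank`, the prefix matching of paths, and the names `parse_entry`, `matches`, `request` and `decide` are assumptions chosen to reproduce the cases described on this page.

```python
from urllib.parse import urlsplit

def parse_entry(line):
    """Parse one Allowed/Blocked URLs line; return None for entries with no effect."""
    rule = {"scheme": None, "host": "", "port": None, "proto": None, "path": ""}
    line = line.strip()
    if "://" in line:
        u = urlsplit(line)
        if u.scheme == "https" and u.path.strip("/"):
            return None  # HTTPS hides the path, so the router ignores the entry
        rule.update(scheme=u.scheme, host=u.hostname or "", path=u.path.rstrip("/"))
        return rule
    host, _, port = line.lower().partition(":")
    rule["host"] = host
    if port and port[-1] in "tu":  # trailing T or U limits the rule to TCP or UDP
        rule["proto"], port = port[-1].upper(), port[:-1]
    if port:
        rule["port"] = int(port)
    return rule

def matches(rule, req):
    host = rule["host"]
    if host and req["host"] != host and not req["host"].endswith("." + host):
        return False  # an entry covers the name itself and every subdomain
    for field in ("scheme", "port", "proto"):
        if rule[field] is not None and rule[field] != req[field]:
            return False
    path = rule["path"]  # assumption: a path entry also covers everything below it
    return not path or req["path"] == path or req["path"].startswith(path + "/")

def rank(rule):
    # Assumed ordering: port first (port precedence), then scheme, host labels, path.
    labels = len([p for p in rule["host"].split(".") if p])
    return (rule["port"] is not None, rule["proto"] is not None,
            rule["scheme"] is not None, labels, len(rule["path"]))

def request(url, proto="T"):
    u = urlsplit(url)
    return {"scheme": u.scheme, "host": u.hostname, "proto": proto,
            "port": u.port or {"http": 80, "https": 443}[u.scheme],
            "path": u.path.rstrip("/")}

def decide(req, allowed, blocked, mode="black"):
    best = None
    for verdict, lines in (("block", blocked), ("allow", allowed)):
        for rule in filter(None, map(parse_entry, lines)):
            # strict '>' keeps the blocked entry (scanned first) on an exact tie
            if matches(rule, req) and (best is None or rank(rule) > best[0]):
                best = (rank(rule), verdict)
    return best[1] if best else ("allow" if mode == "black" else "block")
```

For example, `decide(request("http://www.google.com"), ["www.google.com"], [":80"])` returns `"block"`, while the same lists return `"allow"` for `https://www.google.com`.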

     

    As always, you don’t have to use all available options. In most cases, it suffices to simply enter domain names in either Allowed URLs or Blocked URLs. But in case you need more fine-grained control, you are empowered to do so.
