The pcWRT router gives a lot of flexibility for configuring allowed or blocked web sites. You can allow or block a URL, a subdomain, a domain, a certain port on a domain, a port, or a port for a specific protocol.
For URL Filter Mode, you can choose “Black List” or “White List”.
If you choose “Black List“, the domains or URLs listed in the “Blocked URLs” box will be blocked. Everything else is allowed. And in general, yo don’t need to list the domains or URLs you want to allow in the “Allowed URLs” box.
Unless the domain is blocked by the DNS service you choose (for example, OpenDNS). Then there’s no need to enter the domain into the “Blocked URLs” box if you want to block it. But if you want to allow a domain blocked by DNS, you do need to enter it in the “Allowed URLs” box to override the DNS block.
If you choose “White List“, only the domains or URLs listed in the “Allowed URLs” box will be allowed. There’s no need to enter a domain or URL in the “Blocked URLs” box in order to block it. Unless you want to block a subset of what’s listed in the “Allowed URLs” box.
You can enter the following things in the “Allowed URLs” or “Blocked URLs” box, one entry per line.
www.google.com
. This will allow/deny access to www.google.com for all ports.google.com
. This will allow/deny all Google domains, including www.google.com, docs.google.com, m.google.com etc.com
. This will allow/deny all domains under .com, such as google.com, bing.com, cnn.com, facebook.com, etc.http://www.yahoo.com
. This will allow/deny www.yahoo.com over HTTP only. It will not affect other protocols such as HTTPS (i.e., https://www.yahoo.com).http://www.yahoo.com/block/this/path
. This will allow/deny the specified path on http://www.yahoo.com only. It has no effect on other paths on www.yahoo.com, or other protocols such as HTTPS. Because the path is encrypted for HTTPS, entering a path with HTTPS has no effect, i.e., the router will behave as if the entry does not exist.m.google.com:80
. This will allow/deny access to m.google.com on port 80, for both TCP and UDP.time.windows.com:123U
. This will allow/deny access to time.windows.com on UDP port 123. Or, if you enter time.windows.com:123T
, then it will allow/deny time.windows.com on TCP port 123.:123U
will allow/deny UDP port 123, :23T
will allow/deny TCP port 23, :53
will allow/deny port 53 on both TCP and UDP.:3000-4000
, :3000-4000U
, somedomain:3000-4000T
, etc.~
. For example, if you enter ~pinterest.
in the Black List, all pinterest domains will be blocked (i.e., pinterest.com
, pinterest.es
, pinterest.jp
etc.).
In fact, you can enter a POSIX Extended regular expression after the tilde. Except that the meaning of .
is reversed, i.e., .
matches the literal dot, while \.
matches any one character. The above example can be more accurately written as ~^pinterest.
Correction: The expression ~^pinterest.
actually does not block Pinterest, because Pinterest web sites are accessed via www.pinterest.xx. The character “^” matches the “beginning of line”, thus ~^pinterest.
will not match www.pinterest.xx. The proper expression should be ~\<pinterest.
, where “\<” matches the “beginning of a word”.
For example, if you want to block “ads.somedomain.com
” as ad, you’d enter “ads.somedomain.com!A
“. Without the “!A” suffix, the entry would be a normal block. With it, the entry is an ad block.
These are the differences between a normal block and an ad block:
www.yahoo.com
in Allowed URLs, but https://www.yahoo.com
in Blocked URLs. When a device requests https://www.yahoo.com, it is blocked. But if http://www.yahoo.com is requested, it is allowed, because the more specific entry does not match.www.google.com
in Allowed URLs, but :80
in Blocked URLs. When a client requests http://www.google.com, it will be blocked. Because both entries match and the port entry takes precedence. But if a client requests https://www.google.com, it will be allowed because the port rule no longer matches.
As always, you don’t have to use all available options. In most cases, it suffices to simply enter domain names in either Allowed URLs or Blocked URLs. But in case you need more fine grained control, you are empowered to do so.
Great guide, but i have a problem with the partial domain. Can you describe it better?
For example, if i want to block “pinterest”, what i have to write? ~pinterest or ~^pinterest”?
What’s the difference?
I read the link you posted about BSD but it’s difficult.
Can you extend the paragraph to better describe it, with much more example?
What are all the possibility that you give us for to block a partial domain?
What other characters, other than ~ and ^ can i put? Can you make an example one by one?
I need to understand this thing, thanks.
Regular Expression is very powerful but it could be overwhelming to a beginner. Even the pros find it difficult sometimes. The good news is, most of the times you don’t need to use its full power.
Without the beginning tilde, the black/white list does exact match as usual. With the beginning tilde, it does the “approximate” match by matching the entered text as a regular expression.
Take pinterest for example, if you simply enter “~pinterest”, then all domains containing the string “pinterest” will be blocked, including pinterest.com, pineresting.com, notpinteresting.com.
If you enter “~pinterest.”, then pineresting.com and notpinteresting.com will not be blocked. But notpinterest.com is still blocked. To avoid that, you can enter “~\<pinterest.”, where the special character sequence “\<” matches the “beginning of a word”.
However, for all practical purposes, the simple expression “~pinterest.” works well enough.
I don’t know what it is, but maybe it’s a bug.
When you type “~\<pinterest." and save, then just refesh the page.
The character "\" has disappeared.
The page will show you only "~<pinterest."
There was a bug in displaying the \. This has been fixed as of v2.0.5.