The pcWRT router gives a lot of flexibility for configuring allowed or blocked web sites. You can allow or block a URL, a subdomain, a domain, a certain port on a domain, a port, or a port for a specific protocol.
For URL Filter Mode, you can choose “Black List” or “White List”.
If you choose “Black List“, the domains or URLs listed in the “Blocked URLs” box will be blocked. Everything else is allowed. And in general, yo don’t need to list the domains or URLs you want to allow in the “Allowed URLs” box.
Unless the domain is blocked by the DNS service you choose (for example, OpenDNS). Then there’s no need to enter the domain into the “Blocked URLs” box if you want to block it. But if you want to allow a domain blocked by DNS, you do need to enter it in the “Allowed URLs” box to override the DNS block.
If you choose “White List“, only the domains or URLs listed in the “Allowed URLs” box will be allowed. There’s no need to enter a domain or URL in the “Blocked URLs” box in order to block it. Unless you want to block a subset of what’s listed in the “Allowed URLs” box.
You can enter the following things in the “Allowed URLs” or “Blocked URLs” box, one entry per line.
www.google.com. This will allow/deny access to www.google.com for all ports.
google.com. This will allow/deny all Google domains, including www.google.com, docs.google.com, m.google.com etc.
com. This will allow/deny all domains under .com, such as google.com, bing.com, cnn.com, facebook.com, etc.
http://www.yahoo.com. This will allow/deny www.yahoo.com over HTTP only. It will not affect other protocols such as HTTPS (i.e., https://www.yahoo.com).
http://www.yahoo.com/block/this/path. This will allow/deny the specified path on http://www.yahoo.com only. It has no effect on other paths on www.yahoo.com, or other protocols such as HTTPS. Because the path is encrypted for HTTPS, entering a path with HTTPS has no effect, i.e., the router will behave as if the entry does not exist.
m.google.com:80. This will allow/deny access to m.google.com on port 80, for both TCP and UDP.
time.windows.com:123U. This will allow/deny access to time.windows.com on UDP port 123. Or, if you enter
time.windows.com:123T, then it will allow/deny time.windows.com on TCP port 123.
:123Uwill allow/deny UDP port 123,
:23Twill allow/deny TCP port 23,
:53will allow/deny port 53 on both TCP and UDP.
~. For example, if you enter
~pinterest.in the Black List, all pinterest domains will be blocked (i.e.,
In fact, you can enter a POSIX Extended regular expression after the tilde. Except that the meaning of
. is reversed, i.e.,
. matches the literal dot, while
\. matches any one character. The above example can be more accurately written as
Correction: The expression
~^pinterest. actually does not block Pinterest, because Pinterest web sites are accessed via www.pinterest.xx. The character “^” matches the “beginning of line”, thus
~^pinterest. will not match www.pinterest.xx. The proper expression should be
~\<pinterest., where “\<” matches the “beginning of a word”.
For example, if you want to block “
ads.somedomain.com” as ad, you’d enter “
ads.somedomain.com!A“. Without the “!A” suffix, the entry would be a normal block. With it, the entry is an ad block.
These are the differences between a normal block and an ad block:
www.yahoo.comin Allowed URLs, but
https://www.yahoo.comin Blocked URLs. When a device requests https://www.yahoo.com, it is blocked. But if http://www.yahoo.com is requested, it is allowed, because the more specific entry does not match.
www.google.comin Allowed URLs, but
:80in Blocked URLs. When a client requests http://www.google.com, it will be blocked. Because both entries match and the port entry takes precedence. But if a client requests https://www.google.com, it will be allowed because the port rule no longer matches.
As always, you don’t have to use all available options. In most cases, it suffices to simply enter domain names in either Allowed URLs or Blocked URLs. But in case you need more fine grained control, you are empowered to do so.