We have launched the new version of the DrayTek website, and this content is no longer being maintained.
You will find more information on our new site; however, we will keep this page for a few months.

How to block an HTTPS website with URL Filter and DNS Filter?

This video was presented by DrayTek Aust & NZ

This document explains how to block an HTTPS website with URL Filter and DNS Filter. For HTTP websites, URL Filter blocks sites that have a certain keyword in their URL. With HTTPS websites, however, URL Filter might not recognize them because the packets are encrypted. DNS Filter is therefore required to help sort the packets.

In this note, we use blocking Facebook pages as the example.

1. Create a Keyword Object Profile at Objects Setting >> Keyword Object. Click on an Index number.

  1. Enter profile Name
  2. Enter the Contents of the URL.
  3. Click OK to save.
a screenshot of Keyword Object on DrayOS    

2. Create a URL Content Filter Profile at CSM >> URL Content Filter Profile. Click on a Profile number.

  1. Enter Profile Name
  2. Select Priority as “Either: URL Access Control First”
  3. Enable URL Access Control
  4. Select URL Access Control Action as “Block”
  5. Click Edit and select the Keyword Object created in Step 1.
  6. Click OK to save.
a screenshot of URL Filter profile on DrayOS    

3. Create a DNS Profile at CSM >> DNS Filter. Click on a Profile number in DNS Filter Profile Table.

  1. Enter Profile Name
  2. Select UCF as the URL Content Filter Profile created in Step 2.
  3. Click OK to save.
a screenshot of DNS Filter on DrayOS    

4. Apply the URL Content Filter and DNS Filter to a Firewall Rule. Go to Firewall Rule >> Filter Setup >> Set 2. Click on a Filter Rule number.

  1. Enable the Filter Rule.
  2. Edit the Source IP to which this Firewall Rule should apply.
  3. Select Filter as Pass Immediately.
  4. Select URL Content Filter as the profile we created in Step 2.
  5. Select DNS Filter as the profile created in Step 3.
  6. Click OK to apply.
a screenshot of Firewall Filter Rule on DrayOS    

5. After the above configuration, “www.facebook.com” will be blocked over both HTTP and HTTPS. We will get an error message when we try to access the website. From the message, we can see that “http://www.facebook.com” is blocked by URL Content Filter.

a screenshot of a browser showing the website has been blocked    

And “https://www.facebook.com” is blocked by DNS Filter.

a screenshot of a browser showing the website has been blocked    

Note: The message can be edited under “Administration Message” in CSM >> DNS Filter Profile. However, the browser might not show the message because of its security restrictions.

 

Troubleshooting:

If DNS Filter is not working, run “nslookup” and check which DNS server your computer is using.

a screenshot of a PC running nslookup command    
  1. If the server is a public DNS server, make sure the computer's gateway is set to the Vigor Router. Also check whether another Filter Rule may already have passed the packet.
  2. If the server is an internal DNS server, make sure the internal DNS server's gateway is set to the Vigor Router.
  3. If the server is your Vigor Router, enable DNS Filter Local Setting in CSM >> DNS Filter instead of applying a DNS Filter Profile to a Firewall Rule. Note that DNS Filter Local Setting applies to all LAN clients that use the router as their DNS server.
a screenshot of DNS Filter Setup on DrayOS    
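
The decision in the troubleshooting list above, as an added Python example (not DrayTek's code): it reads the DNS server from nslookup output and reports which of the three cases applies. The sample output, the router address 192.168.1.1, the LAN subnet 192.168.1.0/24 and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample of `nslookup www.facebook.com` output (not a real capture).
SAMPLE_NSLOOKUP = """Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.facebook.com
Addresses:  2001:db8::35
          203.0.113.35
"""

# Checks taken from the three troubleshooting cases in this article.
ADVICE = {
    1: "Public DNS server: make sure the computer's gateway is the Vigor Router "
       "and no other Filter Rule passes the packet first.",
    2: "Internal DNS server: make sure that server's gateway is the Vigor Router.",
    3: "Router is the DNS server: enable DNS Filter Local Setting in CSM >> DNS Filter.",
}

def resolver_from_nslookup(output):
    """Return the DNS server address from the first 'Address:' line."""
    for line in output.splitlines():
        m = re.match(r"\s*Address:\s*(\S+)", line)  # does not match 'Addresses:'
        if m:
            # Unix nslookup prints 'Address: 192.168.1.1#53'; drop the port.
            return ipaddress.ip_address(m.group(1).split("#")[0])
    raise ValueError("no 'Address:' line in nslookup output")

def troubleshooting_case(resolver, router_ip, lan_subnet):
    """Map the resolver address to case 1, 2 or 3 of the list above."""
    resolver = ipaddress.ip_address(resolver)
    if resolver == ipaddress.ip_address(router_ip):
        return 3
    # Assumption: "internal" means inside the router's LAN subnet.
    if resolver in ipaddress.ip_network(lan_subnet):
        return 2
    return 1

if __name__ == "__main__":
    server = resolver_from_nslookup(SAMPLE_NSLOOKUP)
    case = troubleshooting_case(server, "192.168.1.1", "192.168.1.0/24")
    print(f"DNS server {server}: case {case}. {ADVICE[case]}")
```
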

 

 
