We are looking for some assistance we have a BPL ONE unit with latest 7.0.2 firmware setup for a customer, and are trying to use the website blocking feature to block a specific website such as https://www.facebook.com but allow the site for certain managers that work within the company.
I understand this capability is working fully for HTTP requests, but for HTTPS traffic there is a forum that mentions to use a Firewall rule, but this method would block all requests / all traffic to the site/IP whereby we want it only for a certain user set and want to exempt some users.
Does anyone have a suggestion / work around on how we can block these HTTPS sites and still allow them for some users ?
Well, here’s one idea … Set up Set up two subnets, say one for “employees” and one for “guests.” Then, have them point to two different DNS servers. We use “PiHole” (https://pi-hole.net/) in several locations. The PiHole points to a major upstream DNS e.g., Quad9, OpenDNS or Google, but one can easily configure both black lists (*.facebook.com is on at least one black list – at owner’s request) and white lists. As of this morning there are more than 107,000 web sites in the pro-configured list and we regularly see more than 40% of DNS inquiries blocked – a huge reduction in traffic and annoyances.
Now, if you have a cadre of adept users out there, many of them will know to specify the IP address directly when surfing rather than the name that will be resolved by the DNS process. But the crap-ware/ads/etc called by other pages will still be eliminated. Or, they can change the DNS address on their client/device if they’re really crafty.
YMMV, but we’re real fans of this solution. For the price of a Raspberry pi, an hour of one’s time and a donation to the authors we see real “bang for the buck.” I’s definitely not as “sure” as having a router block an address but it’ll get you most of the way were you want to go.
1 Like