Question on blocking websites

I would like to block websites/domains and there seem to be two competing mechanisms. What are the pros/cons of each?

I am looking to block *.xyz.xyz.com both from HTTP and HTTPS and anything else for that matter.

One way is an outbound firewall rule with a destination of a domain name
advanced -> access rules -> Outbound firewall rules -> Destination IP and Port -> Domain name

The other way is web blocking

advanced -> content blocking -> web blocking -> Customized domain

The manual and UI say that web blocking with a customized domain does **not **block HTTPS. There is no documentation in the Surf SOHO User Manual from Jan. 2016 for firmware 6.3 about using a Domain name in an outbound firewall rule. Does that block HTTPS?

I realize that I could also front end (my term) DNS in the router and assign xyz.xyz.com to 127.0.0.1. I would expect that would block HTTPS. True? However, I really want to block *anything *that ends with xyz.xyz.com and I dont think this would block aaa.xyz.xyz.com and bbb.xyz.xyz.com.

Thank you.

Hi Michael,

Look like you having some query for Firewall Domain Rule Block VS Content Blocking.

Firewall –> Access Rules –> Domain Name rules

• Firewall Domain Rule will block what ever Protocols/Service Port defined.
  

  

  732×343 20.6 KB
  
  

• How the Domain Rule actually work:

• DNS resolve (IP address) by clients related to the defined domain name will be buffer for the blocking

**Firewall –> Content Blocking **

• Content blocking will consider as application level blocking feature that block base on the domain that use for the internet browsing. Content blocking will check on the URL that browse by clients to decide the blocking.

• HTTPS is not supported for content blocking

Thank You