Filtering URLs/domains that really work.

[133794m3r]

OK, I don't get why in the world merlinwrt cannot filter a domain based upon it's url for compressed or encrypted pages, that quite literally makes no sense. So then what I want to know is, does the fork do that? Does it do it all? If the web ui doesn't allow filering of domains, I'll probably just go back to an insanely out of date openwrt build someone did aeons ago since that actually works the way it should.

 

[RMerlin]

OK, I don't get why in the world merlinwrt cannot filter a domain based upon it's url for compressed or encrypted pages, that quite literally makes no sense. So then what I want to know is, does the fork do that? Does it do it all? If the web ui doesn't allow filering of domains, I'll probably just go back to an insanely out of date openwrt build someone did aeons ago since that actually works the way it should.

That's because if the URL is encrypted, the router has no way of knowing what that URL was. That's the whole point of encryption.

 

[snakebite3]

You can use OpenDNS to filter those.

 

[133794m3r]

That's because if the URL is encrypted, the router has no way of knowing what that URL was. That's the whole point of encryption.

Well there's this magical thing called DNS, and you can cache the ip-address of the domain and use that to filter it as the rotuer knows what the ip address is for said domain.

I guess openwrt must be blocking the urls via dnsmasq then. And yeah you don't knowwhat the url _is_ but you have to know the ip-address to connect to the site, so the router itself knows it as it's the gateway and ca nthus block connections to said ip-address via dns.

I don't want to use some third-party dns server or some crap, url filter should use dns to do it's blocking, because if you're not, you're not really blocking anything.

Since 90%+ of all websites out there are using gzip compression which blocks merlinwrt from blocking them too, so the url filter is pretty much useless.

Is there an easy dnsmasq based hosts file option to filter domain names then? Because I don't know what the router is using.

I wish that openwrt worked better so that I could just use that and keep things simple but wifi never works on it for whatever reason so I had to use either asuswrt, merlinwrt and no other options.

 

[RMerlin]

Well there's this magical thing called DNS, and you can cache the ip-address of the domain and use that to filter it as the rotuer knows what the ip address is for said domain.

You mentionned "url", not "domain". They are two vastly different things. Asus's filter works on browser URLs, not hostnames.

Is there an easy dnsmasq based hosts file option to filter domain names then? Because I don't know what the router is using.

You can add entries to dnsmasq that could resolve specific hostnames to something like 127.0.0.1. That would however be trivial to bypass - just by modifying one's local host file.

 

[133794m3r]

You mentionned "url", not "domain". They are two vastly different things. Asus's filter works on browser URLs, not hostnames.



You can add entries to dnsmasq that could resolve specific hostnames to something like 127.0.0.1. That would however be trivial to bypass - just by modifying one's local host file.

I know it'd be trivial but I'm mainly using it to stop different devices in my house from annoying me. For example on my 360, to stop the ad tiles from showing themselves, since its' pointless and I already paid them for my device I don't want more ads crammed into it.

OK, I finally figured it out. I wish there'd be an option to do it via the webgui sicne merlin only includes god awful vi, but thankfully it's not emacs. I wish it included nano by deafault but I was finally able to figure out how to do a basic file after googling around and frantically pressing buttons.

 

[martinr]

....

OK, I finally figured it out. ....

Great. I'm sure no-one is more pleased than RMerlin.

 

[RMerlin]

I know it'd be trivial but I'm mainly using it to stop different devices in my house from annoying me. For example on my 360, to stop the ad tiles from showing themselves, since its' pointless and I already paid them for my device I don't want more ads crammed into it.

OK, I finally figured it out. I wish there'd be an option to do it via the webgui sicne merlin only includes god awful vi, but thankfully it's not emacs. I wish it included nano by deafault but I was finally able to figure out how to do a basic file after googling around and frantically pressing buttons.

I looked at including nano a long time ago, but its list of dependencies (requires ncurses and all the associated terminal definition for instance) made me give up on the idea, as the flash space was too tight back then, and it was taking too much space just for a text editor that very few would use.

I recommend plugging a small USB stick formatted as ext2, and setting up Entware on it. You will then be able to install nano. This is how I have my router setups personally.

 

[martinr]

.....

I recommend plugging a small USB stick formatted as ext2, and setting up Entware on it. You will then be able to install nano. This is how I have my router setups personally.

Merlin, what else do you personally have on your attached USB device(s)? These include files and packages that would otherwise be on the jffs partition (and possibly in nvram)?

I'm drawn to keeping as much as possible outside the router but don't mind having devices attached via usb eg for malicious-domain blocking etc. And not just because of your advice re JFFS:

"I do not recommend doing frequent writes to this area, as it will prematurely wear out the flash RAM. This is a good place to put files that are written once like scripts or kernel modules, or that rarely get written to. Do not put files that get constantly written to (such as logfiles) - store these on a USB disk instead. Replacing a worn out USB flash disk is much cheaper than replacing the whole router if flash sectors get worn out - they have a limited number of write cycles."

 

[RMerlin]

Merlin, what else do you personally have on your attached USB device(s)? These include files and packages that would otherwise be on the jffs partition (and possibly in nvram)?

Just Entware and the nano package. Also a few JFFS backups, temporary files that I had to exchange between router and PC, test video and music files for when I need to test out DLNA or SMB, etc...

 

[mstombs]

Why edit from the router OS? I always use winscp and notepad++ (even from Linux via wine)