Knowledge Base  >   Firewall  > 

Blocking a Website by URL Content Filter and DNS Filter

This article demonstrates how to block a specific website by your router by the URL Content Filter feature. To use URL Filtering feature, you will need to 1) Create a Keyword Object 2) Create a URL Content Filter to use the Keyword Object, and (for DrayOS models) 3)Use the URL Content Filter in a Firewall Filter Rule. In this article, we will show an example of the necessary configuration for blocking the facebook site and apps.

1. Go to Objects Setting >> Keyword Object, click on an index number to edit the profile:

  1. Enter Name
  2. Enter "facebook" and "fb" at Contents (See also: Finding Out the URL Keyword to Block)
  3. Click OK to save
a screenshot of keyword object of Vigor Router

2. Go to CSM >> URL Content Filter Profile, click on a profile number to edit the profile

  1. Enter Profile Name
  2. Make sure the Priority is to Either: URL Access Control First
  3. Check Enable URL Access Control
  4. Select “Block” for Action
  5. Click Edit and select the Keyword Object created in Step 1
  6. Click OK to save
a screenshot of URL Content Filter on Vigor Router

3. Go to CSM >> DNS Filter, click on a Profile index number to edit the profile

  1. Enter Profile Name
  2. Select the profile created in the previous step for UCF
  3. Click OK to save
a screenshot of DNS Filter on Vigor Router

4. To make the URL Content Filter and DNS Filter effective, go to Firewall >> Filter Setup >> Set 2. (Default Data Filter). Click on a Filter Rule number to edit the rule:

  1. Check Enable
  2. Make sure Direction is LAN/DMZ/RT/VPN -> WAN
  3. (optional) Edit Source IP if you would like to block Facebook only for some IP address
  4. Select Filter to Pass Immediately (despite the fact that we are trying to block a page, learn more about the filter action at the article here)
  5. Select the profile created in Step 2 for URL Content Filter
  6. Select the profile created in Step 3 for DNS Filter
  7. Click OK to apply
a screenshot of Firewall Rule configuration

5. After finishing the settings, the router will block the web page when the URL contains the keyword “facebook.” It also works for HTTPS website, although the blocking page might not show due to the browser's protection for interruption of SSL connections.

a browser attempting open facebook but not available

Troubleshooting

If URL Content Filter does not work as expected, please check the following items:

  • Clear browser's cookie and history.
  • Clear the DNS cache on the computer.
  • Make sure the computer's default gateway is Vigor Router.
  • Check the DNS server of the computer: If the server is an internal DNS server, please make sure the internal DNS server's gateway is set to Vigor Router. If the server is your Vigor Router, please enable DNS Filter Local Setting in CSM >> DNS Filter instead of a Firewall Rule, and please note that DNS Filter Local Setting will apply to all LAN clients who use the router as DNS server.
a screenshot of DNS Filter Setup on DrayOS

Content Filter can block specified websites with certain keywords. This article will use Facebook as an example and demonstrate how to set up a Content Filter rule to block it by certain keywords on Vigor2136.

1. Go Configuration / Objects / Keyword Object. Click +Add to add a keyword object.

  • Enter an object name.
  • Add keywords "facebook" and "fb".

Then click Apply to save the object.

2. Go Security / Firewall Filters / Content Filters. Add a filter profile and configure it as follows.

  • Enter a profile name.
  • Check Enabled.
  • Select the keyword object created in step 1 in the Destination.
  • Choose Block for Action.
  • Check Enable Syslog for monitoring and troubleshooting.

Then click Apply to save the profile.

After finishing the settings, the router will block the web page when the URL contains the keyword “facebook.” It also works for HTTPS websites, although the blocking page might not show due to the browser's protection for interruption of SSL connections.

Troubleshooting

If URL Content Filter does not work as expected, please check the following items:
- Check if there is any block message displayed in the syslog.

If not, please make sure:

  • if the client IP is matched with the source IP range set in the firewall rule.
  • if the client traffic is passed by other firewall rule.
  • if the domain contains keywords we added to the firewall rule.
  • if the client uses DoH(DNS over HTTPS). If yes, we need to create another rule to avoid clients from using DoH to resolve the domain.
- Clear browser's cookie and history.
- Clear the DNS cache on the computer.
- Make sure the computer's default gateway is Vigor Router.
- Check the DNS server of the computer: If the server is an internal DNS server, please make sure the internal DNS server's gateway is set to Vigor Router.

1. Go to Object Setting >> Keyword/DNS Object >> Keyword Object, click Add to create a new one for facebook URL:

  1. Enter Profile name
  2. Add keyword facebook and fb into Member Table
  3. Click Apply to save.
a screenshot of Vigor3900

2. Go to Firewall >> Filter Setup >> URL/WEB Category Filter, click Add to create a new rule:

  1. Enter Profile name
  2. Check Enable
  3. Select "Enable" for Filter Https
  4. Go to Keyword Block, select the Keyword Object created in the previous step.
  5. Click Apply to save.
a screenshot of Vigor3900

3. After finishing the settings, the router will block the web page when the URL contains the keyword facebook.

a screenshot of browser showing blocking message

It also works for HTTPS website, although the blocking page might not show due to the browser's protection of for interruption of SSL connections.

a screenshot of Chrome showing Your connection is not private

Published On: 2016-05-25 

Was this helpful?   

book icon

Related Articles