
Block HTTPS websites

Posted: Thu Jan 07, 2016 2:42 am
by gohar
Dear Fellows,
I have a TP-Link 4300 router. I'm new to the Gargoyle router. It works excellently... the quota option is superb,
and the run-time web usage is awesome.
I have a problem: this router can't restrict HTTPS websites like https://www.facebook.com, and it also can't monitor HTTPS website usage...
Can anyone help, please?

Re: Block HTTPS websites

Posted: Thu Jan 07, 2016 4:00 am
by Lantis
Please search the forum; we discuss this regularly.

Last Sunday:
viewtopic.php?f=5&t=8149#p34628

That should answer your question. The example given even deals with Facebook specifically.

Re: Block HTTPS websites

Posted: Sat Dec 17, 2016 1:12 pm
by anxname
Yes, it is possible to block the HTTPS sites you want to block.

Here is the simple solution:
1. You have to connect to your Gargoyle router!
Here is how you do it if you are on Windows:
Download the software WinSCP
(https://winscp.net/eng/download.php)
Then start it and enter the IP of your router, the username (if not changed, the user is: root) and the password of your Gargoyle router; for the connection type, select "SCP" and click Connect.
Now you can see all folders and files on your router.

2. Go to /etc/dnsmasq.conf, double-click the file dnsmasq.conf, and add the sites you want to block, for example:

address=/ebay.com/127.0.0.1
address=/.ebay.com/127.0.0.1
address=/yahoo.com/127.0.0.1
address=/.yahoo.com/127.0.0.1

In this case it blocks the sites ebay.com and yahoo.com ;)

Once you have added the sites you want to block, don't forget to save the file. After a reboot of the router the sites are blocked =)
If you want, you can check it. I did it a few days ago and it works better than I thought.

So now you have a solution for blocking HTTPS sites on a Gargoyle router, but we still have a problem: if somebody knows how to bypass the DNS settings, he can change the DNS settings and bypass the restriction. But no problem, we have a solution for this too.

To close the bypass, go to /etc/firewall.user,
double-click the file firewall.user and add these lines to it:

iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53

So now it doesn't matter if any of the clients change their DNS settings; the sites you have created in dnsmasq.conf will be blocked ;)

I can't tell you in detail how it works, but I know that it works, because I tested this a few days ago and it works great.

I found the solution on the OpenWrt forum, but a big thanks to Eric, because only through him on this site: http://gargoylerouter.com/phpbb/viewtop ... f=5&t=2811

I have learnt that Gargoyle works with dnsmasq too.
Through his answer I have learned that many other functions which work in OpenWrt work on Gargoyle too.
So, through this I've tried to block ads with the Gargoyle firmware and this works great too =)

If you are interested, here is the solution for blocking ads with the Gargoyle firmware:

1. Download the script to /etc/init.d/ > Click to Download Gist!
https://gist.github.com/someon/9609363

2. Connect with PuTTY!
3. Make it executable:
chmod +x /etc/init.d/adblock

4. Enable it on system startup:
/etc/init.d/adblock enable

5. Start it:
/etc/init.d/adblock start

This script runs in the background and updates the bad hosts list every 6 hours.

In my case I tried everything I have written on the TP-Link 1043nd V.1 with Gargoyle firmware 1.8.1 and everything works better than I had expected.

Have fun with the Gargoyle firmwares, they work great =)
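
Added example, not part of the post above and not Gargoyle's own code: a POSIX shell helper that builds the `address=` entries from a domain list file and rewrites only a marked section of the config, so repeated runs do not pile up duplicate lines. It skips entries that are not plain hostnames, because a malformed line can keep dnsmasq from starting, and emits one line per domain, because dnsmasq applies `address=/example.com/` to the domain and its subdomains. The marker comments, function names and the list file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep a managed block of address= entries in a dnsmasq config.
# Marker text and function names are hypothetical, chosen for this example.
BEGIN_MARK='# BEGIN managed-blocklist'
END_MARK='# END managed-blocklist'

# Read domains from stdin (one per line, '#' starts a comment) and print
# one address= line per valid, unique domain.
gen_block_lines() {
    tr 'A-Z' 'a-z' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^\.//' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$' |
    sort -u |
    while read -r d; do
        printf 'address=/%s/127.0.0.1\n' "$d"
    done
}

# update_conf CONF LIST: replace the managed section of CONF with entries
# generated from LIST, leaving every other line of CONF untouched.
update_conf() {
    conf=$1
    list=$2
    tmp="$conf.tmp.$$"
    # Copy everything that sits outside the markers.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }' "$conf" > "$tmp" || return 1
    {
        echo "$BEGIN_MARK"
        gen_block_lines < "$list"
        echo "$END_MARK"
    } >> "$tmp"
    mv "$tmp" "$conf"
}

# Stand-alone use: sh blocklist.sh /etc/dnsmasq.conf /path/to/list
if [ "$#" -eq 2 ]; then
    update_conf "$1" "$2"
fi
```

dnsmasq reads its configuration at startup, so the new entries take effect after it is restarted or the router is rebooted, as in the post.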

Re: Block HTTPS websites

Posted: Sat Dec 17, 2016 2:44 pm
by Lantis
Thanks for your detailed post :).
A few things:
1. Try not to duplicate the same post into multiple sections/threads. Just create the one and link to it from others if you require.
2. Gargoyle has an Adblock plugin, so I would say that the script you linked is redundant (they operate on the same principle).
3. I believe that this method of blocking sites will not work for anyone who can google "what is the IP address of x website" and then manually connect to it. It is a weak protection at best.

Re: Block HTTPS websites

Posted: Sat Dec 17, 2016 8:27 pm
by anxname
Hello Lantis,

Many thanks for your fast feedback.
To point 1: OK, I will know for the future.
To point 2: The problem was that the built-in adblocker of Gargoyle didn't work on my devices TP-Link 1043nd (v1) and TP-Link 841n (v8), so I only shared which adblocker helped ME and may help other people too.
And as for what you meant in point 3:
Yes, you are right, this solution is only for people who don't know how to bypass it.
But I think, or better to say I hope, that in a few days or at most a few weeks I will post a solution which solves this bypass too =)
I'm sure that we can solve it without adding all the many IPs which should be blocked.
I think we can automate it.

best regards
anxname

Re: Block HTTPS websites

Posted: Sat Apr 29, 2017 5:37 am
by keychi
HTTPS has its own port, 443. Did you try to block it in the firewall?

Re: Block HTTPS websites

Posted: Sat Jul 29, 2017 7:14 am
by Rog66
This blocks access for everyone rather than targeted users. I love Gargoyle but had to switch to DD-WRT (hopefully temporarily) as the DD-WRT version of NDPI seems to be working - I can block facebook, youtube etc by category or name on a timed basis for certain machines.

Lantis very kindly provided a beta copy of the gargoyle NDPI package but it kept crashing the router and NDPI seems to have disappeared from the openwrt/LEDE package lists as well.

Note that blocking IP ranges also doesn't work if your ISP caches content (as mine does for youtube and netflix) on their own servers, which will have different IP addresses.

Re: Block HTTPS websites

Posted: Sat Jul 29, 2017 7:40 am
by Lantis
I'll try and look at what version DD-WRT uses. From memory it is an older one (but it works).

Re: Block HTTPS websites

Posted: Sun Feb 11, 2018 6:12 am
by Lantis
HTTPS website blocking may make a bit of a comeback. Stay tuned.

Re: Block HTTPS websites

Posted: Sun Feb 11, 2018 10:22 am
by gu3d3s
This is music to my ears! :D :D :D :D :D