I have Gargoyle 1.5.11 set up with a "default deny" rule and then a whitelist that allows parent devices all day and kid devices between certain hours. Since we've had some issues with bandwidth overages related to youtube.com, I'd also like to restrict "kid devices" from accessing that domain.
I did this by editing my whitelist rule, unchecking "All Network Access", and specifying "Website URL(s)", "Permit All Except", "Full URL contains","youtube.com". Sure enough, youtube was now blocked.
The problem is that *ALL* Google related sites are now blocked such that these devices now can't access google.com for searches or google docs for school.
I think the problem may be that all google services seem to DNS resolve to the same address. For example, on my system youtube.com, google.com, and gmail.com all resolve to IP 67.215.65.132. In case it's relevant, I'm using OpenDNS's "family shield" DNS servers at 208.67.222.123 and 208.67.220.123 as my DNS resolvers.
Can anyone confirm that Gargoyle blocks sites by I.P. rather than by actual URL string? This would make sense otherwise you could work around the block by simply entering an I.P. in the browser URL.
Is there a way to set up Gargoyle to block one Google service but not the others when they resolve to the same I.P. address?
Thanks for any help you can provide.
Blocking Youtube.com but not other Google sites
Moderator: Moderators
-
spwalmsley
- Posts: 10
- Joined: Fri Oct 25, 2013 10:10 am
-
tehpensfan
- Posts: 16
- Joined: Thu Oct 31, 2013 10:35 am
Re: Blocking Youtube.com but not other Google sites
I have the exact same problem. The firewall rules are ip based as you suspect.
I think the viable solution is to use a set of firewall rules to transparently redirect web requests from the kids devices to tinyproxy.
I'll base it on this:
http://wiki.openwrt.org/doc/howto/proxy.tinyproxy
and this older how to
http://wiki.openwrt.org/oldwiki/proxy.tinyproxy
Since I'll be using a TL-WR740N, I"ll need a custom openwrt build as the gargoyle build doesn't have room for tinyproxy unfortunately. Or maybe, good reason to upgrade to a router with more flash
When I have a chance to take a stab at this and get a working configuration, I'll post it.
I think the viable solution is to use a set of firewall rules to transparently redirect web requests from the kids devices to tinyproxy.
I'll base it on this:
http://wiki.openwrt.org/doc/howto/proxy.tinyproxy
and this older how to
http://wiki.openwrt.org/oldwiki/proxy.tinyproxy
Since I'll be using a TL-WR740N, I"ll need a custom openwrt build as the gargoyle build doesn't have room for tinyproxy unfortunately. Or maybe, good reason to upgrade to a router with more flash
When I have a chance to take a stab at this and get a working configuration, I'll post it.
-
1 x WRT54GL v1.1 Gargoyle 1.5.6
1 x TL-WR740N v4.23 Gargoyle 1.6.2
1 x TL-WR740N v4.26 Gargoyle 1.5.11
1 x TL-WR740N v4.26 Gargoyle 1.8.1
1 x TL-WDR3600 v1.3 Gargoyle 1.5.11
1 x WRT54GL v1.1 Gargoyle 1.5.6
1 x TL-WR740N v4.23 Gargoyle 1.6.2
1 x TL-WR740N v4.26 Gargoyle 1.5.11
1 x TL-WR740N v4.26 Gargoyle 1.8.1
1 x TL-WDR3600 v1.3 Gargoyle 1.5.11
Re: Blocking Youtube.com but not other Google sites
This is exactly my problem. Has any solution been found? It would be nice if it could whitelist sites based on URL as well as IP address.
Re: Blocking Youtube.com but not other Google sites
For me also. I want block youtube only for my son daily for some hours.
I have router with Gargoyle 1.7.1. I can manually install tinyproxy but there no plugin for GUI and tinyproxy works all the time.
I have router with Gargoyle 1.7.1. I can manually install tinyproxy but there no plugin for GUI and tinyproxy works all the time.
TP-Link Archer C7 v2 = OpenWrt CC
TP-Link TL-WR842ND v1 = Gargoyle 1.9.X
TL-WA850RE = Gargoyle 1.9.X
TP-Link TL-WR842ND v1 = Gargoyle 1.9.X
TL-WA850RE = Gargoyle 1.9.X