Block HTTPS websites


gohar
Posts: 1
Joined: Thu Jan 07, 2016 2:27 am

Block HTTPS websites

Post by gohar »

Dear Fellows,
I have a TP-Link 4300 router. I'm new to the Gargoyle router. It works excellently... the quota option is superb,
and the run-time web usage is awesome.
I have a problem: this router can't restrict HTTPS websites like https://www.facebook.com, and it also can't monitor the web usage of HTTPS websites...
Can anyone help, please?

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Block HTTPS websites

Post by Lantis »

Please search the forum; we discuss this regularly.

Last Sunday:
viewtopic.php?f=5&t=8149#p34628

That should answer your question. The example given even deals with Facebook specifically.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

anxname
Posts: 10
Joined: Thu Jan 23, 2014 3:54 pm

Re: Block HTTPS websites

Post by anxname »

Yes, it is possible to block the HTTPS sites you want to block.

Here is the simple solution:
1. You have to connect to your Gargoyle router!
Here is how you do it if you are on Windows:
Download the software WinSCP
(https://winscp.net/eng/download.php)
Then start it and enter the IP of your router, the username (if not changed, the user is: root) and the password of your Gargoyle router. For the connection type, select "SCP" and click Connect.
Now you can see all folders and files on your router.

2. Go to /etc/dnsmasq.conf, double-click the file dnsmasq.conf, and add the sites you want to block, for example:

address=/ebay.com/127.0.0.1
address=/.ebay.com/127.0.0.1
address=/yahoo.com/127.0.0.1
address=/.yahoo.com/127.0.0.1

In this case it blocks the sites ebay.com and yahoo.com ;)

Once you have added the sites you want to block, don't forget to save the file. After a reboot of the router the sites are blocked =)
If you want, you can check it. I did it a few days ago and it works better than I thought.

So now you have a solution for blocking HTTPS sites on a Gargoyle router, but we have a problem: if somebody knows how to bypass the DNS settings, he can change the DNS settings and bypass the restriction. But no problem, for this we have a solution too.

To close the bypass, go to /etc/firewall.user,
double-click the file firewall.user and add these lines to it:

iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53

So now it doesn't matter if any of the clients change their DNS settings; the sites you have listed in dnsmasq.conf will be blocked ;)

I can't tell you in detail how it works, but I know that it works, because I tested this a few days ago and it works great.

I found the solution on the OpenWrt forum, but a big thanks to Eric, because only through him on this site: http://gargoylerouter.com/phpbb/viewtop ... f=5&t=2811

I have learnt that Gargoyle works with dnsmasq too.
Through his answer I have learned that many other functions which work in OpenWrt work on Gargoyle too.
So, through this I tried to block ads through the Gargoyle firmware, and this works great too =)

If you are interested, here is the solution for blocking ads through the Gargoyle firmware:

1. Download the script to /etc/init.d/ > Click to download Gist!
https://gist.github.com/someon/9609363

2. Connect with PuTTY!
3. Make it executable:
chmod +x /etc/init.d/adblock

4. Enable it on system startup:
/etc/init.d/adblock enable

5. Start it:
/etc/init.d/adblock start

This script runs in the background and updates the bad hosts list every 6 hours.

In my case I tried everything I have written on the TP-Link 1043nd V.1 with Gargoyle firmware 1.8.1, and everything works better than I had expected.

Have fun with the Gargoyle firmwares, they work great =)
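
The dnsmasq.conf edit from step 2 of the post above, scripted so it can be repeated without duplicate or malformed lines. This is an added example, not part of the original post or of Gargoyle; the function names, the CONF and SINK variables and the file name blocksites.sh are hypothetical. dnsmasq's address=/domain/ form already covers subdomains, so a leading-dot entry is treated as the same entry.

```shell
#!/bin/sh
# Added example (not from the post): maintain dnsmasq block entries safely.
# CONF and SINK are hypothetical variable names; the defaults come from the post.
CONF="${CONF:-/etc/dnsmasq.conf}"
SINK="${SINK:-127.0.0.1}"

# valid_domain NAME: succeed only for a plain, lower-case dotted hostname.
# Rejecting '/', spaces and other characters keeps a bad list entry from
# turning into a different dnsmasq directive.
valid_domain() {
    case "$1" in
        ""|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# block_domain NAME: print "added", "exists" or "rejected".
block_domain() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    d=${d#.}    # ".ebay.com" and "ebay.com" are the same entry for dnsmasq
    if ! valid_domain "$d"; then
        echo rejected
        return 1
    fi
    line="address=/$d/$SINK"
    if grep -qxF "$line" "$CONF" 2>/dev/null; then
        echo exists
    else
        printf '%s\n' "$line" >> "$CONF"
        echo added
    fi
}

# blocked_count: number of address= entries currently in CONF.
blocked_count() {
    awk '/^address=\//{n++} END{print n+0}' "$CONF"
}

# Usage on the router (hypothetical file name): sh blocksites.sh ebay.com yahoo.com
# then reboot the router as described in the post.
for name in "$@"; do
    printf '%s: %s\n' "$name" "$(block_domain "$name")"
done
```

The validation matters most when the list of names comes from a downloaded hosts file rather than from hand-typed entries.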

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Block HTTPS websites

Post by Lantis »

Thanks for your detailed post :).
A few things:
1. Try not to duplicate the same post into multiple sections/threads. Just create the one and link to it from others if you require.
2. Gargoyle has an Adblock plugin, so I would say that the script you linked is redundant (they operate on the same principle).
3. I believe that this method of blocking sites will not work for anyone who can google "what is the IP address of x website" and then manually connect to it. It is a weak protection at best.

anxname
Posts: 10
Joined: Thu Jan 23, 2014 3:54 pm

Re: Block HTTPS websites

Post by anxname »

Hello Lantis,

Many thanks for your fast feedback.
To point 1: OK, I will know for the future.
To point 2: The problem was that the built-in adblocker of Gargoyle didn't work on my devices, TP-Link 1043nd (v1) and TP-Link 841n (v8), so I only shared which adblocker helped ME and may help other people too.
And regarding what you meant in point 3:
Yes, you are right, this solution is only for people who don't know how to bypass it.
But I think, or better to say I hope, that in a few days or at most a few weeks I will post a solution which solves this bypass too =)
I'm sure that we can solve it without adding all the many IPs which should be blocked.
I think we can automate it.

best regards
anxname

keychi
Posts: 16
Joined: Tue Sep 11, 2012 3:19 pm
Location: POLAND
Contact:

Re: Block HTTPS websites

Post by keychi »

HTTPS has its own port, 443. Did you try blocking it in the firewall?
TP-LINK WDR-4300 (main router) - 1.9.2 Gargoyle
TP-LINK WR743ND in garage - 1.9.2 gargoyle
And many Chinese LB-LINK Repeater's another location

Rog66
Posts: 206
Joined: Fri Jan 04, 2013 4:53 pm

Re: Block HTTPS websites

Post by Rog66 »

This blocks access for everyone rather than targeted users. I love Gargoyle but had to switch to DD-WRT (hopefully temporarily) as the DD-WRT version of NDPI seems to be working - I can block Facebook, YouTube etc. by category or name on a timed basis for certain machines.

Lantis very kindly provided a beta copy of the Gargoyle NDPI package but it kept crashing the router, and NDPI seems to have disappeared from the OpenWrt/LEDE package lists as well.

Note that blocking IP ranges also doesn't work if your ISP caches content (as mine does for YouTube and Netflix) on their own servers, which will have different IP addresses.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Block HTTPS websites

Post by Lantis »

I'll try and look at what version DD-WRT uses. From memory it is an older one (but it works).

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Block HTTPS websites

Post by Lantis »

HTTPS website blocking may make a bit of a comeback. Stay tuned.

gu3d3s
Posts: 22
Joined: Mon Nov 13, 2017 7:14 am

Re: Block HTTPS websites

Post by gu3d3s »

This is music to my ears! :D :D :D :D :D
