Gargoyle Wiki

User Tools

Site Tools

Trace: client_ap_mode
restrictions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
restrictions [2013/10/10 22:14]
bashfulbladder created 		restrictions [2019/02/24 20:15] (current)
lantis [Access Restrictions]
Line 1: Line 1:
 ====== Access Restrictions ====== ====== Access Restrictions ======
 +
 +Access Restriction up until 1.10.0 only blocked http Traffic. Version 1.11.0 and above now blocks http and https (encrypted) traffic. 
 +
 +This is achieved by leveraging the Server Name Indication (SNI) extension of the TLS1.2 standard in HTTPS authentication. The host name (e.g. example.com) is served in the clear in the packet so that the server knows which certificate to send back to the client. The path (e.g. /foo.html) is only sent once the transmission is fully encrypted. That is to say, we can only match the domain of HTTPS traffic.
 +SNI is supported by all major browsers and has been gaining proliferation since the mid 2000's.
  
 ===== How To Add A Restriction ===== ===== How To Add A Restriction =====
Line 5: Line 10:
  
 * Visit Firewall -> Restrictions. * Visit Firewall -> Restrictions.
 +
  
 * Name your new rule (here its 'youtube') * Name your new rule (here its 'youtube')
 +
  
 * Enter the IP address range (text will be red if incomplete or invalid; black when valid) * Enter the IP address range (text will be red if incomplete or invalid; black when valid)
 +
 +
 +{{:restrictionsyou1.png?580|}}
  
 * Click the 'Add' button next to the IP address or range (A new table is added to the webpage) * Click the 'Add' button next to the IP address or range (A new table is added to the webpage)
 +
  
 * Deselect the 'All Network Accesss' checkbox which reveals a number of drop down menus. * Deselect the 'All Network Accesss' checkbox which reveals a number of drop down menus.
 +
 +
 +{{:restrictionsyou2.png?580|}}
  
 * Under Website URL(s), select 'Block Only' * Under Website URL(s), select 'Block Only'
Line 19: Line 33:
 * Select 'Domain contains' and enter 'youtube' * Select 'Domain contains' and enter 'youtube'
  
-8. Click the 'Add' button next to 'youtube' & a new table will be added to the page+{{:restrictionsyou3.png?580|}} 
 + 
 +Click the 'Add' button next to 'youtube' & a new table will be added to the page 
  
 * Click on the 'Add Rule' button to signify you are done editing the rule * Click on the 'Add Rule' button to signify you are done editing the rule
 +
 +
 +{{:restrictionsyou4.png?580|}}
  
  
Line 27: Line 47:
  
 * Once you done will all your rules, click on the 'Save Changes' button on the bottom of the page. It will take awhile for the firewall to be updated & the UI become responsive again. * Once you done will all your rules, click on the 'Save Changes' button on the bottom of the page. It will take awhile for the firewall to be updated & the UI become responsive again.
 +
 +{{:restrictionsyou5.png?580|}}
  
 === Note === === Note ===
 connections through the router may be temporarily disrupted during the firewall update process, so don't try an OTA firmware update of your iPhone. connections through the router may be temporarily disrupted during the firewall update process, so don't try an OTA firmware update of your iPhone.
restrictions.1381443249.txt.gz · Last modified: 2013/10/10 22:14 by bashfulbladder

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki