Access Restriction up until 1.10.0 only blocked http Traffic. Version 1.11.0 and above now blocks http and https (encrypted) traffic.
This is achieved by leveraging the Server Name Indication (SNI) extension of the TLS1.2 standard in HTTPS authentication. The host name (e.g. example.com) is served in the clear in the packet so that the server knows which certificate to send back to the client. The path (e.g. /foo.html) is only sent once the transmission is fully encrypted. That is to say, we can only match the domain of HTTPS traffic. SNI is supported by all major browsers and has been gaining proliferation since the mid 2000's.
In this example, the router will block youtube from 192.168.1.50 - 192.168.1.60.
* Visit Firewall → Restrictions.
* Name your new rule (here its 'youtube')
* Enter the IP address range (text will be red if incomplete or invalid; black when valid)
* Click the 'Add' button next to the IP address or range (A new table is added to the webpage)
* Deselect the 'All Network Accesss' checkbox which reveals a number of drop down menus.
* Under Website URL(s), select 'Block Only'
* Select 'Domain contains' and enter 'youtube'
* Click the 'Add' button next to 'youtube' & a new table will be added to the page
* Click on the 'Add Rule' button to signify you are done editing the rule
* The rule has been successfully entered when the name is in the table under 'Current Restrictions'.
* Once you done will all your rules, click on the 'Save Changes' button on the bottom of the page. It will take awhile for the firewall to be updated & the UI become responsive again.
connections through the router may be temporarily disrupted during the firewall update process, so don't try an OTA firmware update of your iPhone.