This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
restrictions [2012/08/10 16:31] eric created |
restrictions [2019/02/24 20:15] (current) lantis [Access Restrictions] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Access Restrictions ====== | ====== Access Restrictions ====== | ||
+ | |||
+ | Access Restriction up until 1.10.0 only blocked http Traffic. Version 1.11.0 and above now blocks http and https (encrypted) traffic. | ||
+ | |||
+ | This is achieved by leveraging the Server Name Indication (SNI) extension of the TLS1.2 standard in HTTPS authentication. The host name (e.g. example.com) is served in the clear in the packet so that the server knows which certificate to send back to the client. The path (e.g. /foo.html) is only sent once the transmission is fully encrypted. That is to say, we can only match the domain of HTTPS traffic. | ||
+ | SNI is supported by all major browsers and has been gaining proliferation since the mid 2000' | ||
+ | |||
+ | ===== How To Add A Restriction ===== | ||
+ | In this example, the router will block youtube from 192.168.1.50 - 192.168.1.60. | ||
+ | |||
+ | * Visit Firewall -> Restrictions. | ||
+ | |||
+ | |||
+ | * Name your new rule (here its ' | ||
+ | |||
+ | |||
+ | * Enter the IP address range (text will be red if incomplete or invalid; black when valid) | ||
+ | |||
+ | |||
+ | {{: | ||
+ | |||
+ | * Click the ' | ||
+ | |||
+ | |||
+ | * Deselect the 'All Network Accesss' | ||
+ | |||
+ | |||
+ | {{: | ||
+ | |||
+ | * Under Website URL(s), select 'Block Only' | ||
+ | |||
+ | |||
+ | * Select ' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * Click the ' | ||
+ | |||
+ | |||
+ | * Click on the 'Add Rule' button to signify you are done editing the rule | ||
+ | |||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | * The rule has been successfully entered when the name is in the table under ' | ||
+ | |||
+ | * Once you done will all your rules, click on the 'Save Changes' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | === Note === | ||
+ | connections through the router may be temporarily disrupted during the firewall update process, so don't try an OTA firmware update of your iPhone. |