Gargoyle Wiki

User Tools

Site Tools

Trace:
restrictions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
restrictions [2012/08/10 16:31]
eric created 		restrictions [2019/02/24 20:15] (current)
lantis [Access Restrictions]
Line 1: Line 1:
 ====== Access Restrictions ====== ====== Access Restrictions ======
 +
 +Access Restriction up until 1.10.0 only blocked http Traffic. Version 1.11.0 and above now blocks http and https (encrypted) traffic. 
 +
 +This is achieved by leveraging the Server Name Indication (SNI) extension of the TLS1.2 standard in HTTPS authentication. The host name (e.g. example.com) is served in the clear in the packet so that the server knows which certificate to send back to the client. The path (e.g. /foo.html) is only sent once the transmission is fully encrypted. That is to say, we can only match the domain of HTTPS traffic.
 +SNI is supported by all major browsers and has been gaining proliferation since the mid 2000's.
 +
 +===== How To Add A Restriction =====
 +In this example, the router will block youtube from 192.168.1.50 - 192.168.1.60.
 +
 +* Visit Firewall -> Restrictions.
 +
 +
 +* Name your new rule (here its 'youtube')
 +
 +
 +* Enter the IP address range (text will be red if incomplete or invalid; black when valid)
 +
 +
 +{{:restrictionsyou1.png?580|}}
 +
 +* Click the 'Add' button next to the IP address or range (A new table is added to the webpage)
 +
 +
 +* Deselect the 'All Network Accesss' checkbox which reveals a number of drop down menus.
 +
 +
 +{{:restrictionsyou2.png?580|}}
 +
 +* Under Website URL(s), select 'Block Only'
 +
 +
 +* Select 'Domain contains' and enter 'youtube'
 +
 +{{:restrictionsyou3.png?580|}}
 +
 +* Click the 'Add' button next to 'youtube' & a new table will be added to the page
 +
 +
 +* Click on the 'Add Rule' button to signify you are done editing the rule
 +
 +
 +{{:restrictionsyou4.png?580|}}
 +
 +
 +* The rule has been successfully entered when the name is in the table under 'Current Restrictions'.
 +
 +* Once you done will all your rules, click on the 'Save Changes' button on the bottom of the page. It will take awhile for the firewall to be updated & the UI become responsive again.
 +
 +{{:restrictionsyou5.png?580|}}
 +
 +=== Note ===
 +connections through the router may be temporarily disrupted during the firewall update process, so don't try an OTA firmware update of your iPhone.
restrictions.1344616316.txt.gz ยท Last modified: 2012/08/10 16:31 by eric

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki