How to block all social networking websites using a Web Content Filter?
We are starting to publish a series of articles about Draytek equipment with a description of cases and the necessary settings for various tasks. We hope that these articles will be useful to you. So, let's begin:
Facebook or other encrypted HTTPS sites can be blocked using the URL Content Filter and the DNS Filter. However, if we want to block all social networking websites, the Web Content Filter is the best choice.
Web Content Filter is a simple category-based filter that helps network administrators effectively monitor Internet usage to satisfy all business needs. It shows how to use Web Content Filter and DNS Filter and block all social networking websites.
')
1. Go to CSM >> Web Content Filter Profile (CSM >> Web Content Filter Profile).
a. Make sure the Cyren license is activated. (Check: “How to register my Vigor router and activate the free WCF Trial license?” ).
b. Click Index 2 to install the profile.
2. In order to install the Web Content Filter profile, you must perform the following steps:
a. Edit the profile name (profile name), in this case, we enter the name Social Network (Social Network)
b. Select action type Block (Block)
c. Select Social Network in Categories
3. Go to CMS >> DNS Filter (CMS >> DNS Filter) and activate DNS Filter
a. Click on the Profile Index number in the DNS Filter Profile Table.
b. Enter Profile Name
c. Choose WCF as the Web Content Filter Profile created in Step 2
d. Click OK and save
If the LAN client uses the Vigor Router as the DNS server, remember to use the DNS Filter Local Setting shown in the figure below. Read the article: “What is the difference between DNS Filter Profile and DNS Filter Local Setting?”. And find out more.
4. To apply Web Content Filter and DNS Filter, go to Firewall >> Install Filter >> Step 2. (Default Data Filter)
a. Click on the number of the Filter Rule.
b. Activate the Filter Rule
c. Edit the IP Source if you want to block only some IP of social networks.
d. Select Filter as Pass Immediately (Pass Now)
e. Select Web Content Filter as the profile created in Step 2
f. Select DNS Filter as the profile created in Step 3
g. Click OK and save
5. After completing the above settings, all social networking websites will be blocked using Web Content Filter and DNS Filter with Vigor Router , even if the website uses HTTPS. In the picture below you see blocked Facebook, Instagram and Twitter.
Correction of problems:
If websites are not blocked as expected, please do the following:
1. Clear browser cookies and history.
2. Clear the DNS cache on the computer, for Windows users, this can be done by entering the command "ipconfig / flushd" in the command line.
3. Make sure the default gateway is Vigor Router.
4. Check the computer's DNS server, enter "nslookup" and check the DNS server of your computer.
a. If the server is an open DNS server, make sure the computer's gateway is set to Router Vigor . Also check if there is another Filter Rule that may already pass the packet.
b. If the server is an internal DNS server, make sure that the internal DNS server gateway is installed on the Vigor router.
c. If the server is “Your Vigor Router”, enable the DNS Filter Local setting in CSM >> DNS Filter (Local DNS filter settings >> DNS Filter) instead of using the DNS Filter Profile for the Firewall Rule and note That the DNS Filter Local Setting will be applied to all clients on the local network that use the router as the DNS server.
Facebook or other encrypted HTTPS sites can be blocked using the URL Content Filter and the DNS Filter. However, if we want to block all social networking websites, the Web Content Filter is the best choice.
Web Content Filter is a simple category-based filter that helps network administrators effectively monitor Internet usage to satisfy all business needs. It shows how to use Web Content Filter and DNS Filter and block all social networking websites.
')
1. Go to CSM >> Web Content Filter Profile (CSM >> Web Content Filter Profile).
a. Make sure the Cyren license is activated. (Check: “How to register my Vigor router and activate the free WCF Trial license?” ).
b. Click Index 2 to install the profile.
2. In order to install the Web Content Filter profile, you must perform the following steps:
a. Edit the profile name (profile name), in this case, we enter the name Social Network (Social Network)
b. Select action type Block (Block)
c. Select Social Network in Categories
3. Go to CMS >> DNS Filter (CMS >> DNS Filter) and activate DNS Filter
a. Click on the Profile Index number in the DNS Filter Profile Table.
b. Enter Profile Name
c. Choose WCF as the Web Content Filter Profile created in Step 2
d. Click OK and save
If the LAN client uses the Vigor Router as the DNS server, remember to use the DNS Filter Local Setting shown in the figure below. Read the article: “What is the difference between DNS Filter Profile and DNS Filter Local Setting?”. And find out more.
4. To apply Web Content Filter and DNS Filter, go to Firewall >> Install Filter >> Step 2. (Default Data Filter)
a. Click on the number of the Filter Rule.
b. Activate the Filter Rule
c. Edit the IP Source if you want to block only some IP of social networks.
d. Select Filter as Pass Immediately (Pass Now)
e. Select Web Content Filter as the profile created in Step 2
f. Select DNS Filter as the profile created in Step 3
g. Click OK and save
5. After completing the above settings, all social networking websites will be blocked using Web Content Filter and DNS Filter with Vigor Router , even if the website uses HTTPS. In the picture below you see blocked Facebook, Instagram and Twitter.
Correction of problems:
If websites are not blocked as expected, please do the following:
1. Clear browser cookies and history.
2. Clear the DNS cache on the computer, for Windows users, this can be done by entering the command "ipconfig / flushd" in the command line.
3. Make sure the default gateway is Vigor Router.
4. Check the computer's DNS server, enter "nslookup" and check the DNS server of your computer.
a. If the server is an open DNS server, make sure the computer's gateway is set to Router Vigor . Also check if there is another Filter Rule that may already pass the packet.
b. If the server is an internal DNS server, make sure that the internal DNS server gateway is installed on the Vigor router.
c. If the server is “Your Vigor Router”, enable the DNS Filter Local setting in CSM >> DNS Filter (Local DNS filter settings >> DNS Filter) instead of using the DNS Filter Profile for the Firewall Rule and note That the DNS Filter Local Setting will be applied to all clients on the local network that use the router as the DNS server.
Source: https://habr.com/ru/post/395167/
All Articles