How to block access to all websites except ones you approve.

 

 

       

 
With a BUC appliance you can create a rule that will block access to all websites except ones you approve. The rule can be applied to a single device or to multiple devices, and on a schedule.
 
For this example we are going to create a Firewall > Restriction rule that will allow access to wikipedia.org between the hours of 8 AM - 3 PM, Mon - Fri. Note that wikipedia.org is a fairly difficult site to work with because it must pull content from other websites to load properly. Most websites are much easier to deal with.
 
NOTE: Blocking domains will not always block HTTPS connections. For example, blocking facebook.com will block http://www.facebook.com, but not https://www.facebook.com, unless we also turn off the SSL application protocol (i.e. HTTPS). Therefore we need to create two rules: rule 1 blocks all websites except those we allow, and rule 2 stops HTTPS sites from bypassing rule 1. A single rule with both settings will not work, so we must create two rules to accomplish our goal.
 

Rule 1. Create a whitelist only Firewall > Restriction:

  1. Log into your BUC Router at http://192.168.10.1
  2. Go to Connected Hosts
  3. Look at your DHCP leases, and Connected Wireless Hosts
  4. The device(s) you want to apply restrictions to should be listed here with friendly names
  5. Go to Firewall > Restrictions
  6. Create a new rule:
    • Rule Description: mon_fri_whitelist
    • Rule Applies To: Only the Following Hosts
      • Enter the IP addresses of the devices this list will apply to
        • You can edit this rule to add / remove devices at any time
    • Uncheck All Day
    • Uncheck Every Day > check appropriate days
    • Uncheck All Network Access
      • Change Website URL(s): to Block All Except
        • Change Full URL matches exactly: to Domain contains:
          • enter wikipedia.org
          • Add
        • Add New Rule
      • Save Changes

See an example of rule 1.
How to test and debug rule 1.
 

Rule 2. Create an SSL Secure Socket Firewall > Restriction:

  1. Log into your BUC Router at http://192.168.10.1
  2. Go to Firewall > Restrictions
  3. Create a new rule:
    • Rule Description: block_https
    • Rule Applies To: Only the Following Hosts
      • Same host as in rule 1
    • Uncheck All Day
    • Uncheck Every Day > check appropriate days
    • Uncheck All Network Access
      • Change Application Protocol: SSL Secure Socket
        • Change Full URL matches exactly: to Domain contains
        • Add New Rule
      • Save Changes
 
See an example of rule 2.
 
NOTE: Blocking the SSL Secure Socket application protocol will prevent HTTPS sites from loading.
 
 
Updated: 4/7/15

 


 


When assigning friendly names to the devices on your network you'll need to find the MAC address of each device.

How to find MAC address:

  • Android OS (Nexus 7, GalaxyS 1- 4, Google 
    • Go to Settings, About Device, Status
  • Kindle Fire
    • Go to Settings, Device
  • Kindle Fire HD
    • Go to Settings, Wireless, Wi-Fi
  • Windows 8
    •  
  • Mac OS
    • Go to System Preferences, Network, Advanced, Hardware

 



Test and debug

Test the whitelist Access Restriction:

We can test the rule by going to www.Wikipedia.org from the computer this rule is being applied to. You'll notice right away Wikipedia.org doesn't load properly. That's because for Wikipedia.org to display properly it pulls content from a number of other websites. We'll need to add these to this whitelist.

How to find the additional websites that need to be whitelisted for www.Wikipedia.org to work properly:

  1. Log into your BUC Router at http://192.168.10.1
  2. Enable Web Usage monitor and Clear History if there are already logs
  3. Select Monitor Only Hosts Below
  4. Enter the IP address of the device we just applied the Access Restriction to
    • Save changes
  5. From the device the whitelist rule has been applied to, open a Web browser and go to www.wikipedia.org
    • You cannot accidentally lock yourself out of the BUC Router, so you can use the same computer this rule applies to for testing
  6. Now look at your Web Usage monitor
  7. Back on the Gatekeeper, go to Firewall, Restrictions, and edit the whitelist
    • Add: wikimedia.org
    • Close and Apply Changes
    • Save Changes

Wikipedia.org should load fine for you now.
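
The debugging loop above, as an added example that is not part of the original page or the BUC software: a Python script that takes hostnames copied from the Web Usage monitor, applies the whitelist, and ranks the parent domains that are still being blocked. It assumes "Domain contains" is a case-insensitive substring match and that the hostnames can be copied out one per line; the sample hostnames and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: hostnames as they might be copied out of the
# Web Usage monitor after loading www.wikipedia.org (not real router output).
OBSERVED = """\
www.wikipedia.org
en.wikipedia.org
upload.wikimedia.org
meta.wikimedia.org
login.wikimedia.org
upload.wikimedia.org
"""

def is_allowed(host, whitelist):
    """Assumed 'Domain contains' semantics: case-insensitive substring match."""
    host = host.lower()
    return any(entry.lower() in host for entry in whitelist)

def parent_domain(host):
    """Naive parent: last two labels. Wrong for suffixes like co.uk; review by hand."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def audit(observed_text, whitelist):
    """Return (blocked_hosts, suggestions) for the observed hostnames.

    blocked_hosts: sorted unique hosts that no whitelist entry matches.
    suggestions:   [(parent_domain, blocked_request_count)], most-hit first.
    """
    hosts = [h.strip() for h in observed_text.splitlines() if h.strip()]
    blocked = [h for h in hosts if not is_allowed(h, whitelist)]
    counts = Counter(parent_domain(h) for h in blocked)
    suggestions = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return sorted(set(blocked)), suggestions

if __name__ == "__main__":
    # First pass: rule 1 as created above. Second pass: after adding wikimedia.org.
    for wl in (["wikipedia.org"], ["wikipedia.org", "wikimedia.org"]):
        blocked, suggestions = audit(OBSERVED, wl)
        print("whitelist:", wl)
        print("  still blocked:", blocked or "nothing")
        for domain, n in suggestions:
            print(f"  candidate entry: {domain} ({n} blocked requests)")
```

Review each candidate before adding it to the whitelist; a site may load acceptably without every third-party domain it requests.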

 




Rule 1

 




Rule 2

 
