Have a bookmark for facebook

DAVID BREECE · ‎08-30-2015

RV-130W

I've setup a schedule and given certain devices an address in a specified range 10.10.10.201 to 209. I setup an Internet access policy specifically to block this range of addresses according to the schedules I setup. It is as if I did nothing. Users can still access the Internet. I made a previous post and the answer I got referred me to the manual. Don't bother replying with that info. I've read the manuals. Are there other prerequisites that need to be performed? Should the destination be the WAN interface? Something is missing and the answer is not in the manual

ars Wegerich · ‎09-09-2015

Same here. VERY interested in a solution.

Firmware is on latest release.

cchamorr · ‎09-09-2015

Hello,

Could you provide screenshots of your configuration as well as the System Summary page or dashboard?

Thank you

ars Wegerich · ‎09-09-2015

Don't wanna hijack this thread but I think my problem is quite the same so I post my screenshots (s. attachments)

cchamorr · ‎09-10-2015

Thank you for the screenshots.

Before continuing, can you let me know if when you try to go to facebook from that PC with IP address 192.168.2.100, are you connecting via HTTPS or only HTTP.

Could you verify that?

Thank you

ars Wegerich · ‎09-11-2015

Have a bookmark for facebook which is:

https://www.facebook.com/home.php

So, HTTPS is the answer to your question.

Just typed in the HTTP URL "http://www.facebook.com" in the browser and it redirects to the HTTPS link which then show the facebook web page.

cchamorr · ‎09-11-2015

Thank you for the reply, that confirms what I was thinking.

First of all, your configuration is absolutely correct and if you are trying to block a NON HTTPS website, I'm very positive it will work.

Now, unfortunately, on the current Small Business routers line up, HTTPS websites are considered as secured and are not blocked by the Internet Policy Rules. With this routers, when you are going to secure websites on the internet the policy is not even applied.

The only way to block access to those types of websites directly from the unit is to find out the IP addresses of the actual site (Facebook for example has many addresses) and block them via access rules. The problem with this is to find all the addresses, and even if you do, there could start using a different address very quickly so the rules will become ineffective at that moment.

One workaround is to use a service like OpenDNS which should help you blocking certain sites but I'm not sure if it will do what you are looking for on your scenario.

I hope this answer clarifies things.

Please let us know if you have any questions and don't forget to mark an answer as correct or to grade it if it was helpful to you so that other members will benefit from it.

ars Wegerich · ‎09-11-2015

thanks for your quick answer!

but besides that I think it's useful to support blocking of HTTPS traffic not for security reasons but for blocking specific content I couldn't verify what you wrote.

I made another Internet Access Policy rule which blocks the domain name of n-tv.de (a german news site) and it doesn't work either. (s. screenshot for settings)

This one comes over HTTP not HTTPS.

am confused now

P.S. how do I mark an answer as correct or grade it? Ist that the "five stars" rating I see below the posts?

cchamorr · ‎09-11-2015

Thank you for the quick reply.

You are right and we are working on the possibility of blocking HTTPS websites as well.

Also, after checking your settings I cannot see why it wouldn't work as everything appears correctly configured.

I noticed that your RV130 is a very recent unit and so I'm sure it is covered under support.

At this point I will recommend for you to contact the Small business support center to create a case so that we can take a closer look at your particular scenario as what you are trying to do, blocking non HTTPS sites is fully supported.

Here is the link that contains all of the support number around the world.

http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

Just make sure you call us during your support hours of Monday Thru Friday from 9 AM to 6 PM your local time.

I hope this helps.

And yes, the way to grade an answer is via the stars

Zmaila009 · ‎11-03-2020

Last answer from 2015.... I have same issue on my rv130W. "Internet access policy" is no blocking anything. In my case I want to block youtube and stuff like FB for kids who suppose to be on homeschooling. Of course it is HTTPS sites to block. I red all forums and this as well and I did update firmware on my router in a case there is update for this feature, but it isnt working. Configuration is very simple. Block this and that keyword during this and that hour - days on this and that Mac address or IP (possibly IP range). It doesnt work and so far no logs showing access violation (as it probably dont recognize HTTPS as violation). I bought this last year as my previous Cisco small bussines router broke after 7years of good service. Big fan of cisco and my entire home network is build with cisco components. So this is quite disapointing - not be able to block few websites by firewall. Is there anything happening or.....?

Martin Aleksandrov · ‎11-04-2020

Hello David,

Please read below posts. The RV130W is not looking for secure https traffic, therefore can't filter HTTPS web sites but only non-secure HTTP. You should have RV130W-WB-A-K9-xx platform to use different web filtering categories to block certain web sites based on web reputation rank. In those cases, you can block both https and/or http web sites.

Please note RV13x series have been announced EoS/EoL since December 2019 and the replacement product is RV160/260 series routers.

Regards,

Martin

Internet blocking feature doesn't work