DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

V2820 "Prevent web access from IP address" does no

More
04 Nov 2009 21:41 #58649 by lesd
I want to stop users from entering an IP so they are forced througn the DNS lookup at OpenDNS.

I have had this working on a V2910 and V2800 but it does not work for me on the 2820.

I have set up CSM > URL Content filter Profile > 1 >

Priority: Either: URL AC First
Enable URL Access Control is ticked
Prevent web access from IP address is ticked
Action: Block

I have tried Priority: Block Both - not better.

What have I done wrong?

Les

Please Log in or Create an account to join the conversation.

More
05 Nov 2009 00:28 #58653 by macavity
Is the CSM profile enabled in the Firewall General Setup or in a specific IP filter? If not, then it's not active. The general setup acts globally where the ip filter rules can be applied to specific local machines (via source IP)

Prevent web access from IP address will prevent users from typing http://ip rather than http://hostname

Eg. http://209.85.229.106 to access www.google.co.uk

As a side note, if you want to force them to use Open DNS, then you'll probably find it useful to have a firewall rule or rules that block any requests to UDP 53 (DNS) to any IP other than the OpenDNS ones in case anyone has manually changed the DNS setting on their PC.

Please Log in or Create an account to join the conversation.

More
05 Nov 2009 09:29 #58658 by lesd
Thank you. That was it.

Thanks also for the port 53 suggestion but I am already doing that (or rather about to copy the rules from my V2910 - I hope the firewall rules setup are similar on the two boxes)

Les

Please Log in or Create an account to join the conversation.

More
05 Nov 2009 12:21 #58670 by macavity
Thanks :)

Please Log in or Create an account to join the conversation.

More
07 Apr 2010 00:10 #61574 by colbackp
Replied by colbackp on topic Example of DNS blocking rule
Hi
Can you please give an example of the DNS rule or rules for blocking other DNS options than OpenDNS?
When this is set, is there another way around this that users have tried to circumvent the OpenDNS route?
Thanks
Peter

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami