Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




297 posts

Ultimate Geek
+1 received by user: 4


Topic # 215117 13-Jun-2017 07:55
Send private message quote this post

I have a Fritz 3370, trying to use the parental controls feature to block youtube access for a particular Chromebook.

 

I created a new access profile for this Chromebook specifically, and assigned it a permanent IPv4 on the network.

 

The profile is:

 

- Online time: unlimited

 

- Shared budget: no

 

- Filters: blacklist

 

- Blocked applications: none

 

 

I then added youtube.com and https://www.youtube.com to the blacklist.

 

 

Outcome: my darling daughter can still watch youtube on her Chromebook at will.

 

 

The Fritz definitely recognises her Chromebook, and supposedly applies the right access profile, it's just that the rules don't seem to be working. Would appreciate any ideas here.




Hello, Ground!

Create new topic
3043 posts

Uber Geek
+1 received by user: 836

Trusted

  Reply # 1799043 13-Jun-2017 08:16
Send private message quote this post

I'm not sure why that might be... but have you considered creating a supervised account on the chromebook?

 

 

 

https://productforums.google.com/forum/#!topic/chromebook-central/8LXGdW81J20

 

 

 

(interestingly the poster in that thread also say their chromebook seems to ignore router level controls...)


6393 posts

Uber Geek
+1 received by user: 2833

Moderator
Trusted
Subscriber

  Reply # 1799047 13-Jun-2017 08:28
Send private message quote this post

It sounds like you're on an ISP that supports IPv6 (eg 2degrees) - Chromebooks by default use Google DNS over IPv6 and will also use that as default. You can see if this is the case if you see the Geekzone IPv6 logo.

In this case, blocking over IPv4 won't work. With the Chromebook a supervised account is best.




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Electric KiwiCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


 
 
 
 


560 posts

Ultimate Geek
+1 received by user: 227


  Reply # 1799052 13-Jun-2017 08:44
One person supports this post
Send private message quote this post

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.




297 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799277 13-Jun-2017 12:54
Send private message quote this post

sidefx:

 

I'm not sure why that might be... but have you considered creating a supervised account on the chromebook?

 

 

 

https://productforums.google.com/forum/#!topic/chromebook-central/8LXGdW81J20

 

 

 

(interestingly the poster in that thread also say their chromebook seems to ignore router level controls...)

 

 

Funny, I was so convinced it was a FritzBox problem, I never thought to do a broader search for similar problems. Thanks for finding this one.

 

A supervised account is a good idea, but the thing is - she already has a supervised account - with her school. Problem is, at 3pm all account restrictions applied by the school are turned off (fair enough), meaning I need to come up with an alternative.





Hello, Ground!



297 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799303 13-Jun-2017 12:59
Send private message quote this post

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.





Hello, Ground!



297 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799304 13-Jun-2017 13:00
Send private message quote this post

michaelmurfy: It sounds like you're on an ISP that supports IPv6 (eg 2degrees) - Chromebooks by default use Google DNS over IPv6 and will also use that as default. You can see if this is the case if you see the Geekzone IPv6 logo.

In this case, blocking over IPv4 won't work. With the Chromebook a supervised account is best.

 

Spark...





Hello, Ground!

560 posts

Ultimate Geek
+1 received by user: 227


  Reply # 1799328 13-Jun-2017 13:42
Send private message quote this post

Kookoo:

 

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.

 

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 


142 posts

Master Geek
+1 received by user: 15


  Reply # 1799577 13-Jun-2017 18:02
Send private message quote this post

Wiggum:

 

Kookoo:

 

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.

 

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 

^ what he said except for the opendns bit. Opendns is relatively easy to beat. The only way around it is to use something like HTTPS decryption which is a step out of typical home user stuff. With regards to HTTPS traffic all that can be seen is the source IP/Port and destination IP/Port.

 

 

 

That said you'll likely find the traffic going out is Google QUIC protocol (HTTP/HTTPS over UDP).


1345 posts

Uber Geek
+1 received by user: 144


  Reply # 1799606 13-Jun-2017 19:13
Send private message quote this post

Wiggum:

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.


Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.



This.

Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html



297 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799724 13-Jun-2017 23:19
Send private message quote this post

Wiggum:

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 

 

 

Yep, you're right. Bummer.




Hello, Ground!



297 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799726 13-Jun-2017 23:28
Send private message quote this post

vulcannz:

 

That said you'll likely find the traffic going out is Google QUIC protocol (HTTP/HTTPS over UDP).

 

 

Interestingly, Fritz does have a way of blocking by protocol, but doesn't list QUIC among the options

 

(TCP, UDP, ESP, GRE, ICMP)

 

I suppose I can simply block UDP ports 80 and 443 on the access profile, but I wonder if all that will mean is that Chrome will stop using QUIC.




Hello, Ground!



297 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799727 13-Jun-2017 23:37
Send private message quote this post

tchart: Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html

 

 

Funny, this got me thinking in a completely different direction - why not try an extension. I'm trying to manage a kid's Chromebook here, so I just need an interim solution that would be fit for purpose while she isn't smart enough to figure a way around it. Once she is smart enough, I'll need a new solution. In the meantime, though - I installed Video Blocker and created a blacklist using the alphabet as the keywords.

 

The ugliness of this solution really annoys me, but it does seem to be effective.




Hello, Ground!

1929 posts

Uber Geek
+1 received by user: 152


  Reply # 1799733 14-Jun-2017 00:19
Send private message quote this post

Seems theres a plethora of domains the apps call upon.

 

Worth a shot trying to block a list..

 

https://superuser.com/questions/713289/blocking-youtube-android-app-from-router

 

The majority seem to respond.

 

 

 

 


560 posts

Ultimate Geek
+1 received by user: 227


  Reply # 1799812 14-Jun-2017 08:32
Send private message quote this post

Kookoo:
tchart: Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html
Funny, this got me thinking in a completely different direction - why not try an extension. I'm trying to manage a kid's Chromebook here, so I just need an interim solution that would be fit for purpose while she isn't smart enough to figure a way around it. Once she is smart enough, I'll need a new solution. In the meantime, though - I installed Video Blocker and created a blacklist using the alphabet as the keywords. The ugliness of this solution really annoys me, but it does seem to be effective.

 

Both my kids have chromebooks for school. We have not blocked youtube, but do use opendns to block a bunch of categories.

 

What I have found works is limiting the chromebook to a certain amount of screen time per day (my kids have 1 hour).  Kids know that they have to do homework first, any left over time can be used for anything else. Sometimes they need more, then we just give them a fritzbox ticket for another 45minutes.

 

What are you really trying to achieve by blocking youtube? There is a setting in youtube where you can enable restricted mode. This works pretty well. We also don't allow the kids to use chromebooks in bedrooms.


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Public Wi-Fi plus cloud file sharing
Posted 18-Aug-2017 11:20


D-Link NZ launches professional Wireless AC Wave 2 Access Point for businesses
Posted 17-Aug-2017 19:25


Garmin introduces the Rino 700 five-watt two-way handheld radio
Posted 17-Aug-2017 19:04


Garmin announces the Foretrex 601 and Foretrex 701 Ballistic Edition for outdoor and tactical use
Posted 17-Aug-2017 19:02


Brightstar announces new distribution partnership with Samsung Knox platform in Australia
Posted 17-Aug-2017 17:07


Free gig-enabled WiFi network extends across Dunedin
Posted 17-Aug-2017 17:04


Samsung expands with connect Gear S3 Frontier
Posted 17-Aug-2017 15:55


Fact-checking Southern Cross Next cable is fastest to USA
Posted 17-Aug-2017 13:57


Thurrott says Microsoft Surface is dead last for reliability
Posted 16-Aug-2017 15:19


LibreOffice 5.4 works better with Microsoft Office files
Posted 16-Aug-2017 13:32


Certus launches Cognition
Posted 14-Aug-2017 09:31


Spark adds Cambridge, Turangi to 4.5G network
Posted 10-Aug-2017 17:55


REANNZ network to receive ongoing Government funding through to 2024
Posted 10-Aug-2017 16:05


Chorus backhaul starts with 2degrees
Posted 10-Aug-2017 15:49


New Zealanders cool on data analytics catching benefit fraud
Posted 10-Aug-2017 09:56



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.