Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


306 posts

Ultimate Geek
+1 received by user: 4


Topic # 215117 13-Jun-2017 07:55
Send private message

I have a Fritz 3370, trying to use the parental controls feature to block youtube access for a particular Chromebook.

 

I created a new access profile for this Chromebook specifically, and assigned it a permanent IPv4 on the network.

 

The profile is:

 

- Online time: unlimited

 

- Shared budget: no

 

- Filters: blacklist

 

- Blocked applications: none

 

 

I then added youtube.com and https://www.youtube.com to the blacklist.

 

 

Outcome: my darling daughter can still watch youtube on her Chromebook at will.

 

 

The Fritz definitely recognises her Chromebook, and supposedly applies the right access profile, it's just that the rules don't seem to be working. Would appreciate any ideas here.




Hello, Ground!

Create new topic
3148 posts

Uber Geek
+1 received by user: 883

Trusted

  Reply # 1799043 13-Jun-2017 08:16
Send private message

I'm not sure why that might be... but have you considered creating a supervised account on the chromebook?

 

 

 

https://productforums.google.com/forum/#!topic/chromebook-central/8LXGdW81J20

 

 

 

(interestingly the poster in that thread also say their chromebook seems to ignore router level controls...)


Meow
7446 posts

Uber Geek
+1 received by user: 3584

Moderator
Trusted
Lifetime subscriber

  Reply # 1799047 13-Jun-2017 08:28
Send private message

It sounds like you're on an ISP that supports IPv6 (eg 2degrees) - Chromebooks by default use Google DNS over IPv6 and will also use that as default. You can see if this is the case if you see the Geekzone IPv6 logo.

In this case, blocking over IPv4 won't work. With the Chromebook a supervised account is best.




1099 posts

Uber Geek
+1 received by user: 429


  Reply # 1799052 13-Jun-2017 08:44
One person supports this post
Send private message

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.




306 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799277 13-Jun-2017 12:54
Send private message

sidefx:

 

I'm not sure why that might be... but have you considered creating a supervised account on the chromebook?

 

 

 

https://productforums.google.com/forum/#!topic/chromebook-central/8LXGdW81J20

 

 

 

(interestingly the poster in that thread also say their chromebook seems to ignore router level controls...)

 

 

Funny, I was so convinced it was a FritzBox problem, I never thought to do a broader search for similar problems. Thanks for finding this one.

 

A supervised account is a good idea, but the thing is - she already has a supervised account - with her school. Problem is, at 3pm all account restrictions applied by the school are turned off (fair enough), meaning I need to come up with an alternative.





Hello, Ground!



306 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799303 13-Jun-2017 12:59
Send private message

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.





Hello, Ground!



306 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799304 13-Jun-2017 13:00
Send private message

michaelmurfy: It sounds like you're on an ISP that supports IPv6 (eg 2degrees) - Chromebooks by default use Google DNS over IPv6 and will also use that as default. You can see if this is the case if you see the Geekzone IPv6 logo.

In this case, blocking over IPv4 won't work. With the Chromebook a supervised account is best.

 

Spark...





Hello, Ground!

1099 posts

Uber Geek
+1 received by user: 429


  Reply # 1799328 13-Jun-2017 13:42
Send private message

Kookoo:

 

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.

 

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 


251 posts

Ultimate Geek
+1 received by user: 46


  Reply # 1799577 13-Jun-2017 18:02
Send private message

Wiggum:

 

Kookoo:

 

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.

 

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 

^ what he said except for the opendns bit. Opendns is relatively easy to beat. The only way around it is to use something like HTTPS decryption which is a step out of typical home user stuff. With regards to HTTPS traffic all that can be seen is the source IP/Port and destination IP/Port.

 

 

 

That said you'll likely find the traffic going out is Google QUIC protocol (HTTP/HTTPS over UDP).


1456 posts

Uber Geek
+1 received by user: 177


  Reply # 1799606 13-Jun-2017 19:13
Send private message

Wiggum:

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.


Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.



This.

Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html



306 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799724 13-Jun-2017 23:19
Send private message

Wiggum:

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 

 

 

Yep, you're right. Bummer.




Hello, Ground!



306 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799726 13-Jun-2017 23:28
Send private message

vulcannz:

 

That said you'll likely find the traffic going out is Google QUIC protocol (HTTP/HTTPS over UDP).

 

 

Interestingly, Fritz does have a way of blocking by protocol, but doesn't list QUIC among the options

 

(TCP, UDP, ESP, GRE, ICMP)

 

I suppose I can simply block UDP ports 80 and 443 on the access profile, but I wonder if all that will mean is that Chrome will stop using QUIC.




Hello, Ground!



306 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799727 13-Jun-2017 23:37
Send private message

tchart: Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html

 

 

Funny, this got me thinking in a completely different direction - why not try an extension. I'm trying to manage a kid's Chromebook here, so I just need an interim solution that would be fit for purpose while she isn't smart enough to figure a way around it. Once she is smart enough, I'll need a new solution. In the meantime, though - I installed Video Blocker and created a blacklist using the alphabet as the keywords.

 

The ugliness of this solution really annoys me, but it does seem to be effective.




Hello, Ground!

2630 posts

Uber Geek
+1 received by user: 271


  Reply # 1799733 14-Jun-2017 00:19
Send private message

Seems theres a plethora of domains the apps call upon.

 

Worth a shot trying to block a list..

 

https://superuser.com/questions/713289/blocking-youtube-android-app-from-router

 

The majority seem to respond.

 

 

 

 


1099 posts

Uber Geek
+1 received by user: 429


  Reply # 1799812 14-Jun-2017 08:32
Send private message

Kookoo:
tchart: Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html
Funny, this got me thinking in a completely different direction - why not try an extension. I'm trying to manage a kid's Chromebook here, so I just need an interim solution that would be fit for purpose while she isn't smart enough to figure a way around it. Once she is smart enough, I'll need a new solution. In the meantime, though - I installed Video Blocker and created a blacklist using the alphabet as the keywords. The ugliness of this solution really annoys me, but it does seem to be effective.

 

Both my kids have chromebooks for school. We have not blocked youtube, but do use opendns to block a bunch of categories.

 

What I have found works is limiting the chromebook to a certain amount of screen time per day (my kids have 1 hour).  Kids know that they have to do homework first, any left over time can be used for anything else. Sometimes they need more, then we just give them a fritzbox ticket for another 45minutes.

 

What are you really trying to achieve by blocking youtube? There is a setting in youtube where you can enable restricted mode. This works pretty well. We also don't allow the kids to use chromebooks in bedrooms.


Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17


Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.