Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




304 posts

Ultimate Geek
+1 received by user: 4


Topic # 215117 13-Jun-2017 07:55
Send private message

I have a Fritz 3370, trying to use the parental controls feature to block youtube access for a particular Chromebook.

 

I created a new access profile for this Chromebook specifically, and assigned it a permanent IPv4 on the network.

 

The profile is:

 

- Online time: unlimited

 

- Shared budget: no

 

- Filters: blacklist

 

- Blocked applications: none

 

 

I then added youtube.com and https://www.youtube.com to the blacklist.

 

 

Outcome: my darling daughter can still watch youtube on her Chromebook at will.

 

 

The Fritz definitely recognises her Chromebook, and supposedly applies the right access profile, it's just that the rules don't seem to be working. Would appreciate any ideas here.




Hello, Ground!

Create new topic
3088 posts

Uber Geek
+1 received by user: 851

Trusted

  Reply # 1799043 13-Jun-2017 08:16
Send private message

I'm not sure why that might be... but have you considered creating a supervised account on the chromebook?

 

 

 

https://productforums.google.com/forum/#!topic/chromebook-central/8LXGdW81J20

 

 

 

(interestingly the poster in that thread also say their chromebook seems to ignore router level controls...)


Meow
7098 posts

Uber Geek
+1 received by user: 3336

Moderator
Trusted
Lifetime subscriber

  Reply # 1799047 13-Jun-2017 08:28
Send private message

It sounds like you're on an ISP that supports IPv6 (eg 2degrees) - Chromebooks by default use Google DNS over IPv6 and will also use that as default. You can see if this is the case if you see the Geekzone IPv6 logo.

In this case, blocking over IPv4 won't work. With the Chromebook a supervised account is best.




 
 
 
 


957 posts

Ultimate Geek
+1 received by user: 363


  Reply # 1799052 13-Jun-2017 08:44
One person supports this post
Send private message

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.




304 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799277 13-Jun-2017 12:54
Send private message

sidefx:

 

I'm not sure why that might be... but have you considered creating a supervised account on the chromebook?

 

 

 

https://productforums.google.com/forum/#!topic/chromebook-central/8LXGdW81J20

 

 

 

(interestingly the poster in that thread also say their chromebook seems to ignore router level controls...)

 

 

Funny, I was so convinced it was a FritzBox problem, I never thought to do a broader search for similar problems. Thanks for finding this one.

 

A supervised account is a good idea, but the thing is - she already has a supervised account - with her school. Problem is, at 3pm all account restrictions applied by the school are turned off (fair enough), meaning I need to come up with an alternative.





Hello, Ground!



304 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799303 13-Jun-2017 12:59
Send private message

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.





Hello, Ground!



304 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799304 13-Jun-2017 13:00
Send private message

michaelmurfy: It sounds like you're on an ISP that supports IPv6 (eg 2degrees) - Chromebooks by default use Google DNS over IPv6 and will also use that as default. You can see if this is the case if you see the Geekzone IPv6 logo.

In this case, blocking over IPv4 won't work. With the Chromebook a supervised account is best.

 

Spark...





Hello, Ground!

957 posts

Ultimate Geek
+1 received by user: 363


  Reply # 1799328 13-Jun-2017 13:42
Send private message

Kookoo:

 

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.

 

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 


196 posts

Master Geek
+1 received by user: 26


  Reply # 1799577 13-Jun-2017 18:02
Send private message

Wiggum:

 

Kookoo:

 

Wiggum:

 

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.

 

Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.

 

 

That doesn't sound right.

 

The Fritz!Box has a feature that allows you to override blacklist settings for HTTPS. In other words, if you enter youtube.com in blacklist, it will block both http and https. But if you check "allow HTTPS" it will only apply the restrictions to HTTP.

 

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 

^ what he said except for the opendns bit. Opendns is relatively easy to beat. The only way around it is to use something like HTTPS decryption which is a step out of typical home user stuff. With regards to HTTPS traffic all that can be seen is the source IP/Port and destination IP/Port.

 

 

 

That said you'll likely find the traffic going out is Google QUIC protocol (HTTP/HTTPS over UDP).


1424 posts

Uber Geek
+1 received by user: 168


  Reply # 1799606 13-Jun-2017 19:13
Send private message

Wiggum:

Fritzbox parental controls does not block https websites. So you can't block youtube. I know its pretty pathetic.


Your best bet is to make use of opendns, replace the dns settings on your router with opendns dns, and block youtube through opendns.



This.

Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html



304 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799724 13-Jun-2017 23:19
Send private message

Wiggum:

 

Thats incorrect. The allow https function opens https to all domains, thats all it is doing. If its unticked then no https queries are allowed anywhere. If you have it ticked then any website which uses secure logins like youtube, Facebook, online banking, geekzone etc will all be permitted even if they are on the blacklist. https traffic is secure and encrypted. The fritzbox can't read these packets, hence it won't block them.

 

Test it and you will see.

 

The only way around this is to use something like opendns.

 

 

 

 

Yep, you're right. Bummer.




Hello, Ground!



304 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799726 13-Jun-2017 23:28
Send private message

vulcannz:

 

That said you'll likely find the traffic going out is Google QUIC protocol (HTTP/HTTPS over UDP).

 

 

Interestingly, Fritz does have a way of blocking by protocol, but doesn't list QUIC among the options

 

(TCP, UDP, ESP, GRE, ICMP)

 

I suppose I can simply block UDP ports 80 and 443 on the access profile, but I wonder if all that will mean is that Chrome will stop using QUIC.




Hello, Ground!



304 posts

Ultimate Geek
+1 received by user: 4


  Reply # 1799727 13-Jun-2017 23:37
Send private message

tchart: Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html

 

 

Funny, this got me thinking in a completely different direction - why not try an extension. I'm trying to manage a kid's Chromebook here, so I just need an interim solution that would be fit for purpose while she isn't smart enough to figure a way around it. Once she is smart enough, I'll need a new solution. In the meantime, though - I installed Video Blocker and created a blacklist using the alphabet as the keywords.

 

The ugliness of this solution really annoys me, but it does seem to be effective.




Hello, Ground!

2297 posts

Uber Geek
+1 received by user: 226


  Reply # 1799733 14-Jun-2017 00:19
Send private message

Seems theres a plethora of domains the apps call upon.

 

Worth a shot trying to block a list..

 

https://superuser.com/questions/713289/blocking-youtube-android-app-from-router

 

The majority seem to respond.

 

 

 

 


957 posts

Ultimate Geek
+1 received by user: 363


  Reply # 1799812 14-Jun-2017 08:32
Send private message

Kookoo:
tchart: Plus good luck trying to block the apps, that's even harder. I gave up.

If you aren't technically inclined then look for something like this; https://koalasafe.com/reviews.html
Funny, this got me thinking in a completely different direction - why not try an extension. I'm trying to manage a kid's Chromebook here, so I just need an interim solution that would be fit for purpose while she isn't smart enough to figure a way around it. Once she is smart enough, I'll need a new solution. In the meantime, though - I installed Video Blocker and created a blacklist using the alphabet as the keywords. The ugliness of this solution really annoys me, but it does seem to be effective.

 

Both my kids have chromebooks for school. We have not blocked youtube, but do use opendns to block a bunch of categories.

 

What I have found works is limiting the chromebook to a certain amount of screen time per day (my kids have 1 hour).  Kids know that they have to do homework first, any left over time can be used for anything else. Sometimes they need more, then we just give them a fritzbox ticket for another 45minutes.

 

What are you really trying to achieve by blocking youtube? There is a setting in youtube where you can enable restricted mode. This works pretty well. We also don't allow the kids to use chromebooks in bedrooms.


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Fujifilm X beats its best with new top of the range, high-performance camera
Posted 24-Feb-2018 14:05


One million kiwis affected by cybercrime
Posted 24-Feb-2018 13:58


New Zealanders want to engage with government online and via mobile apps
Posted 24-Feb-2018 13:56


Samsung launches Samsung Max
Posted 24-Feb-2018 13:52


CPTPP text and National Interest Analysis released for public scrutiny
Posted 21-Feb-2018 19:43


Foodstuffs to trial digitised shopping trolleys
Posted 21-Feb-2018 18:27


2018: The year of zero-login, smart cars & the biometrics of things
Posted 21-Feb-2018 18:25


Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Appleā€™s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.