How to Restrict some HTTP and HTTPS Web Sites for Wi-Fi Guest Users
Posted by Roy Panetta on 18 March 2016 11:19 AM
This application note will describe how to configure a Vigor2760n router to restrict guest Wi-Fi users to only be able to access specified HTTP and HTTPS web sites. This is done by using a combination of the URL and DNS filter in the firewall rule.
It should be noted that for users of Android tablets and I-Pads additional keywords are required in the keyword objects used for the URL filter profile.
We have two VLANS configured in the Vigor2760n and have restricted guest Wi-Fi access through SSID2. We will need to apply the firewall rules to SSID 2 which uses IP subnet 192.168.2.0.
Step 1: Create Required LAN and Wi-Fi Networks
Ensure that VLANs and SSIDs are configured as shown below:
Step 2: Create keyword Objects
Go to Objects Setting >> Keyword Object, click on an Index number to edit.
For our example we need to use the keywords jw.org, akamaid and akamaisince the required web sites needs to access these sites.
Note: Android and iOS devices will check Wi-Fi connectivity by sending a DNS query to connectivitycheck.gstatic.com and captive.apple.com so we will need to create an additional keyword objects: connectivitycheck.gstatic.com captive.apple.com. Otherwise there will be issues accessing the web sites.
Click OK to save.
Step 3: Create URL Filter
Create a URL Filter to pass websites of which URL contains the keyword:
Go to CSM > URL Content Filter Profile, click on a profile Index to edit.
Step 3: Create DNS Filter profile
Go to CSM >> DNS Filter Profile, click on a profile number to edit,
Step 4: Apply the URL Filter to Firewall Filter Rule
Go to Firewall >> Filter Setup >> Data Filter Set (Set 2), click on a Filter Rule Index to edit.
Step 5: Testing
From a PC or tablet PC test connectivity from Guest Wi-Fi network.
You should see a block message similar to that shown below: