Nov 26 2008

Blocking YouTube with a WRT54G

Published by at 1:40 pm under Family,Firewall,Simple Security

Ahh, the joys of being a parent.  My youngest son recently started sprinkling his language with profanity, something both his mother and I were certain he didn’t get from us:  she almost never uses profanity and when I do the kids are usually running for cover rather than trying to remember what I said.  At first we thought he was getting it from school, but his older brother finally came forward and told us it was from videos he was watching on YouTube.  What had looked like a fairly innocuous video of SuperMario and other characters turned out to be profanity laden and more than a little disturbing.  He was given a warning and told to turn off any videos that contained profanity, then lost his computer rights for a week when I caught him watching a video with profanity.  The third time’s a charm, so I decided it’s time to block YouTube at the entry way, my WRT54G router.

It seemed simple and straight forward.  But an hour and several internet searches later, and I still couldn’t get the WRT54G to block YouTube.  I created a Policy called YouTube, rather appropriately, I added a list of affected PC’s, set it to everyday, 24 hours a day and entered http://www.youtube.com in the space marked “Website blocking by URL address”.  Then hit “Save Settings” and … nothing.  I was still able to get to YouTube, the kids could get to YouTube and I was not happy.

Then it suddenly struck me: the folks at Linksys and Cisco were creating the software for the average computer user, someone who doesn’t have the faintest idea what “HTTP” or “URL” mean and probably never types the “http://” at the beginning of the URL.  I took that out of the URL and saved the settings and now YouTube is blocked.  I’m happy that I now know how to block a site, but I’m frustrated that the developers couldn’t have taken a few more lines of code to either automatically remove the http:// if typed in, or at the very least taken ten seconds to add an example of what they consider a URL.  If I’d seen even one example of what they consider a URL, I would have been able to block the site in less than 5 minutes, rather than taking over an hour.  And I wonder how many less technical parents have given up in frustration.

As someone put it on Twitter “Sometimes people should check acronym definitions before using them”

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

10 responses so far

10 Responses to “Blocking YouTube with a WRT54G”

  1. Wim Remeson 26 Nov 2008 at 2:24 pm

    Oh, you wanted to block it completely :)

    For those people who want to block it but don’t have that option in their internet firewall/router, there’s three other resorts :

    point http://www.youtube.com to 127.0.0.1 in the hosts file in c:\windows\system32\drivers\etc
    *this is an easy way out, but if $spawn is knowledgeable enough and using an admin level account, you might be out of luck.

    use OpenDNS as your DNS provider instead of your ISP’s DNS servers. OpenDNS provides a FREE parental control filter (category based) AND allows you to block specific pages, as Martin explained in his post.
    *this is ‘my way’ as anybody who wants to tinker with the settings needs an account to do so. If you’re really paranoid. Block port 53 TCP/UDP outgoing on your internet router/firewall so you’re prodigy son can’t use other DNS servers.

    use Windows Parental control. From what I heard it can block youtube content based on categorization so $spawn can still use youtube but not the ‘dirty’ content.
    *I haven’t tried this and this solution relies on the third party properly categorizing their content. I don’t think this is a good solution for this purpose, but Parental Control killes more than one bird being the stone it is.

    Cheers,

    W

  2. alan shimelon 26 Nov 2008 at 3:10 pm

    Martin – We had a similar experience a few months back at our house (our kids being the same age, I guess that means that this is normal behavior for kids this age). Our boys were looking at videos of “Emos” (I didn’t know what that was, but it is something like Goths, dressed in black and stuff). I overheard my youngest son talking about someone locking themselves in a refrigerator and dying and other people laughing about it. That was enough for me. I did not want to completely take out You Tube from the house though, as I and Bonnie occasionally view it. I laid out the money for Net Nanny and have started enforcing user accounts and passwords on the home machines. I have found it a great program to take out all kinds of sites that the kids shouldn’t be watching. Today it is You Tube, tomorrow it is something else. I am not going to lose this security war by being reactive, I am being pro-active and denying whole classes of media.
    Also if I want to allow a particular site I can always override with passwords.

    Hope that helps!

  3. Timon 26 Nov 2008 at 5:38 pm

    Martin,

    Dont forgot http://video.google.com sorry video.google.com (they own youtube).

    (;

    Love the podcast

    Tim Mugherini

  4. Dudeon 01 Dec 2008 at 11:23 am

    I am just curious why you didn’t just edit the “HOSTS” file?

    This is a “Network Security Blog” right?

  5. Martinon 01 Dec 2008 at 4:09 pm

    Dude,

    Mostly because my kids have physical access to their computer. I haven’t taught them what a host file is yet, but I want to be able to block them on something they don’t have any controls over. They might be able to log into the router some day, but for now they don’t even know which set of blinky lights it is.

    Besides, it IS the Network Security Blog, so I put the controls on the network equipment, not the host system.

    Martin

  6. Jonathanon 01 Dec 2008 at 4:37 pm

    Dear Martin,

    The WRT54G is one of a few handfuls or routers that can be flashed with custom software. There is a project going on called DD-WRT that turns a $30 router into a $300 router.

    I would try checking it out because it’s free.
    http://en.wikipedia.org/wiki/DD-WRT

  7. Martinon 02 Dec 2008 at 6:48 am

    Jonathan,

    I’ve thought about installing DD-WRT on my WRT54G’s, but I have v8’s, which have the lowest memory of the whole series and would only allow a very stripped down version of the software. I’ve got Paul and Larry’s book, Linksys WRT54G Ultimate Hacking, but it’s not worth the amount of effort I’d have to put into it for what I’d gain. And right now, I just don’t have the time to spare to perform an install and test; I can’t afford the potential down time.

    I am one or two clicks away from purchasing an Asus WL500G, which I’ve been told takes many of the extended packages that the WRT54G takes. Just haven’t hit the ‘purchase’ button with all the money flowing out of my account in anticipation of Christmas.

    Martin

  8. Jeffon 30 Dec 2009 at 11:26 pm

    I am unable to get my WRT54G to block websites at all, at least world of warcraft. I tried Martin’s approach – dumbing down the URL (worldofwarcraft.com). No luck. I put the http:\\www back in – no luck. Following a suggestion I tried an asterisk: *.worldofwarcraft.com. No luck. I’ve followed numerous “how to” instructions shown on many many websites. I’ve upgraded the firmware. I’ve entered MAC addresses. I’ve been through LinkSys’s knowledge base. I’ve spent hours. No luck.

    Yes, I put it in the hosts file and yes that works, but it’s just as easy for my bright 16 year old to remove entries from the hosts file as it is for me to put them there. I want to do this in the router because in my judgement that is where it belongs. But nothing works. The router simply does not block the website.

  9. gregor@switchon 06 Mar 2010 at 5:16 am

    Does my mac adresse change if I upgrade my computer with some other hardware? For example change the graphic card?

  10. Neil Cavanaghon 11 Jul 2013 at 6:29 am

    Having been involved in school network security and filtering, I can honestly say it’s amazing the ways in which the kids get round the filtering. The transparent proxy sites were always the favourite. As soon as we’d block one, they’d find another; I even came across a site that advertised a new transparent proxy each hour of the day.

    To effectively block a site, you’d need to invest in some pretty decent software between your kid’s computer and the internet connection (and lock it away). Forget host files, changing the local admin pasword or installing any client-side software, they’ll just find it any remove it; why? ’cause it’s a challenge! :-)

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: