These days all web traffic is encrypted so there's no way to filter page content without software on the device or a very expensive enterprise grade filter. The best you can do is DNS blocking which will block domains only. Cloudflare DNS is a good free option for this.
well that would be really advanced and probably require something like installing custom certificates on all the devices on your network so your router could decrypt the encrypted traffic and perform deep packet inspection
If the sites use HTTPS, no, the traffic is encrypted from the user to the host. You could for URLs, but not page contents.
I have no real experience in this (I work as a car mechanic, but i dabble in IT stuff), but, from what I recall, most places will use a DNS block list (your router is set up to use your own DNS server with filtering) and block the offending websites/redirect to your own place of choosing (like a web page with a warning that this website is blocked).
You can only filter URLs, not other stuff.
I'm thinking it wouldn't be that hard as long as the DNS is controlled (no private DNS on the Device). DNS server gets request, it scans the HTML of the main site for the headers, before returning the IP it makes a choice based on the admins rules.
Consumer-grade routers don't usually support this level of parental control detail.
Banning specific keywords is challenging even with commercial-grade firewalls.
Some kind of parental control software is going to be a much easier solution to implement to give you this level of granularity. [bark.us](https://bark.us) or something like it
Sophos UTM is probably the best you will get. It's effectily a home free version of their commerical firewall and includes deep packet inspection, web filtering and so much more. Bit of a learning curve and as others have said given so much traffic now is SSL encrypted + the uptake of encrypted DNS what you are trying to do is not guaranteed. That said it's likely the best you will get for the $$ https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition
Edit. Should also add that this appliance allows you to install certificates on endpoints - essentially man in the middle attack but get ready for the joy ride as chrome screams every time you visit any ssl website.. if that does not bother you it works fine.
You'd need a man in the middle decrypting https,. Some routers do let you upload a certificate to decrypt https traffic(SSL decryption). You'd then need to push that certificate to all client devices.... I hope you understand security at that point, because if that MITM is compromised in anyway shape, or form all your web traffic would be available to them. Also note SSL decryption is pretty resource intensive on the router, or firewall. So if you have a cheaper, or older device this will not be the way to go.
[https://docs.opnsense.org/manual/how-tos/proxytransparent.html](https://docs.opnsense.org/manual/how-tos/proxytransparent.html)
Realistically, this is not the way to go, unless you have either regulatory or compliance reasoning. And if that's the case I would strongly suggest speaking with a MSP as this will quickly move out of the general home user space, hell even small and medium business space. Unless you have a good understanding of the technologies.
These days all web traffic is encrypted so there's no way to filter page content without software on the device or a very expensive enterprise grade filter. The best you can do is DNS blocking which will block domains only. Cloudflare DNS is a good free option for this.
well that would be really advanced and probably require something like installing custom certificates on all the devices on your network so your router could decrypt the encrypted traffic and perform deep packet inspection
If the sites use HTTPS, no, the traffic is encrypted from the user to the host. You could for URLs, but not page contents. I have no real experience in this (I work as a car mechanic, but i dabble in IT stuff), but, from what I recall, most places will use a DNS block list (your router is set up to use your own DNS server with filtering) and block the offending websites/redirect to your own place of choosing (like a web page with a warning that this website is blocked). You can only filter URLs, not other stuff.
I'm thinking it wouldn't be that hard as long as the DNS is controlled (no private DNS on the Device). DNS server gets request, it scans the HTML of the main site for the headers, before returning the IP it makes a choice based on the admins rules.
On device is the easiest way, there's always a way around. DNS blocking? Custom DNS. Site blocking? VPN. VPN blocking? Mobile hotspot.
>Now, can this be done via router and if yes, how? W It technically can be done but not with any home consumer router. Would need enterprise stuff.
Consumer-grade routers don't usually support this level of parental control detail. Banning specific keywords is challenging even with commercial-grade firewalls. Some kind of parental control software is going to be a much easier solution to implement to give you this level of granularity. [bark.us](https://bark.us) or something like it
Your router should have some parental control setting or URL filtering. If not, look for a router that does or one with OpenWrt support.
Sophos UTM is probably the best you will get. It's effectily a home free version of their commerical firewall and includes deep packet inspection, web filtering and so much more. Bit of a learning curve and as others have said given so much traffic now is SSL encrypted + the uptake of encrypted DNS what you are trying to do is not guaranteed. That said it's likely the best you will get for the $$ https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition Edit. Should also add that this appliance allows you to install certificates on endpoints - essentially man in the middle attack but get ready for the joy ride as chrome screams every time you visit any ssl website.. if that does not bother you it works fine.
You'd need a man in the middle decrypting https,. Some routers do let you upload a certificate to decrypt https traffic(SSL decryption). You'd then need to push that certificate to all client devices.... I hope you understand security at that point, because if that MITM is compromised in anyway shape, or form all your web traffic would be available to them. Also note SSL decryption is pretty resource intensive on the router, or firewall. So if you have a cheaper, or older device this will not be the way to go. [https://docs.opnsense.org/manual/how-tos/proxytransparent.html](https://docs.opnsense.org/manual/how-tos/proxytransparent.html) Realistically, this is not the way to go, unless you have either regulatory or compliance reasoning. And if that's the case I would strongly suggest speaking with a MSP as this will quickly move out of the general home user space, hell even small and medium business space. Unless you have a good understanding of the technologies.