Why is the URL filter not able to block mobile network?

Hi everyone, I noticed that the URL filter is not able to block websites that have an m in front, like m.website.com. Even if you enter it like that in the block list, it still can’t block it. It blocks everything that looks like this: www.website.com, website.com or http(s)://www.website.com, but not the m version.

Is this a bug? Or am I missing something?

How do you check this out? Whenever I try to connect to any mobile website via PC I’ll always be redirected to its usual website.

The URL filter works with the proxy server and whenever you use a mobile device which is not configured to communicate via a proxy server (which makes 100% sense), you have to run a transparent proxy with all its disadvantages.

Actually you just want to block a subdomain, but not the whole domain? As far as I can tell from the IPFire GUI, it’s not made for things like that.

Hey Max,
Yes, I tested it through my phone; it is connected through my Wi-Fi, and I am running a transparent proxy.
My PC, which runs Linux, can go to mobile and normal websites, so I tried it on that too.

But while I was waiting for a reply I tried some things and looked in my settings, and I figured out that the blacklist is case sensitive; one way or the other, the m.website.com was M.website.com. Oh well, my mistake.

What is so bad about running a transparent proxy, BTW, Max?

OK, I kept testing further and I need to say that I thought it blocked https, but the URL filter doesn’t.

And this time no case-sensitivity mistake. What am I doing wrong?

That is the point. Transparent proxy can’t filter https connections because they are encrypted between the clients and the server. You need DPI (deep packet inspection) of a non-transparent proxy and firewall rules to filter https connections. If you do so the connection request is being “tunneled” through the firewall and actually all traffic goes through it and its filters (Antivirus and so on). Or in other words: your clients communicate all http/https with your firewall and your firewall with the targets/server in the world wide web. So there are two separated, encrypted communications instead of just one. But if you want to do so the clients must be configured with the proxy server (ipfire), which is nonsense for mobile devices. That’s why I run a non-transparent proxy on green with firewall rules and a transparent proxy on blue.
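Added example, not part of the original posts and not IPFire's URL filter code: a simplified Python model of what a client-configured (non-transparent) proxy can read from a plain HTTP request versus an HTTPS `CONNECT`, and of the case-sensitive block-list mistake mentioned earlier in the thread. The block-list entries, request lines and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample block list (hypothetical entries, not from a real install).
BLOCKED_DOMAINS = {"M.website.com"}          # typed with a capital M, as in the thread
BLOCKED_URLS = {"news.example.org/adult/"}   # host + path-prefix entry

def visible_parts(request_line):
    """Return (host, path) as the proxy sees them; path is None for CONNECT."""
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":
        # HTTPS via an explicit proxy: only "host:port" is sent in clear text,
        # the URL path travels inside the encrypted tunnel.
        return target.rsplit(":", 1)[0], None
    parts = urlsplit(target)
    return parts.hostname or "", parts.path or "/"

def host_matches(host, entry, ignore_case):
    """True if host equals the entry or is a subdomain of it."""
    if ignore_case:
        host, entry = host.lower(), entry.lower()
    return host == entry or host.endswith("." + entry)

def is_blocked(request_line, ignore_case=True):
    host, path = visible_parts(request_line)
    if any(host_matches(host, d, ignore_case) for d in BLOCKED_DOMAINS):
        return True
    if path is None:
        return False  # no path visible, so path-based entries cannot be checked
    for entry in BLOCKED_URLS:
        e_host, _, e_path = entry.partition("/")
        if host_matches(host, e_host, ignore_case) and path.startswith("/" + e_path):
            return True
    return False

if __name__ == "__main__":
    for line in (
        "GET http://m.website.com/ HTTP/1.1",
        "CONNECT m.website.com:443 HTTP/1.1",
        "GET http://news.example.org/adult/page.html HTTP/1.1",
        "CONNECT news.example.org:443 HTTP/1.1",
    ):
        print(line, "->", "blocked" if is_blocked(line) else "allowed")
```

In this model a domain entry still matches an HTTPS request because the host name is visible in `CONNECT`, while an entry that depends on the URL path can only match plain HTTP.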

OK OK, Max, thanks. That slipped away; I didn’t realize that. I am going to change everything.


OK, I adjusted my settings and I am now using the normal proxy, not transparent, but there is still some site that can pass the proxy; it’s an https site.
It’s really strange: I checked the case, I checked my settings in the browser and I checked the phone, and still some site can pass the block.

On the phone I am using Firefox, which lets you set up a proxy. It works really well now with the proxy in normal mode and not transparent, but when I test all the blocked websites on the list, some of the https websites still fool the URL filter.

I think there’s really something behind this URL filter that I am missing.

Yes setting up the right firewall rules! :thinking:

Here you go with my config (German though) that does the thing!

  1. Proxy settings: Network -> Web-Proxy

  2. Firewall -> Firewall Options

  3. Firewall -> Firewall Rules

// Just ignore any rules for services you may not use!

But keep in mind you can’t do that for mobile devices.

Thanks Max, I will check my settings when I go home and ask my wife to translate some of the German (she is German). I find it sad if you can’t block all the https, because that means if your kids get smarter they will be able to go to websites they are not allowed to go to if the website has an https version, but I still think there is something like a bug or so, because some https gets blocked and some passes through.

Thanks again

You are able to block that content, but then all your http/https need to go through the firewall for all networks. But then you have to define all ports that are still allowed to get through the firewall for services you want to use -> just as my rules for Steam and Games on UPLAY. Of course you can do it the other way around: just create rules to block http/https from all your networks so any client can’t communicate beside the proxy server.

But if you do so for mobile networks as well, every client needs to be configured to the proxy server. Also there are services/programs/games that can’t be configured to use a proxy server and don’t use the global setting (operating system) -> just as the stupid Steam platform.

What can be done or not is mostly up to the used clients. The firewall can do everything.

“because that means if your kids get smarter they will be able to go to website they are not allowed to go”

Don’t even try it. Just keep your network clean as far as you can and separate it 100% from mobile networks that can’t be controlled that far.
My father failed when he tried to keep me off inappropriate stuff and so will I because of smartphones with mobile internet. And even if not, they have friends with PCs that are not filtered at all so they can watch any content they want to and get access to any dirty platform that’s on the net.
Especially because of the dirty platforms and lots of bad people out there it’s mostly important to talk to them about it. I don’t mince matters and that works quite well.

Good, I will keep figuring things out, I will post what my findings are.

Yes, that is right, there will always be another way.
Talking is the best. My father did not prohibit things to me, he talked to me indeed; I am doing the same. The only thing is that sometimes (nowadays) with just around 5 clicks you may be on a strange website. We as adults know we are going to a strange bad website, but they are not that good yet to notice it.
I need to say again, IPFire is really good. I came from routers with Tomato firmware on them because I was searching for something more powerful and robust. I needed to decide between pfSense and IPFire, and as you can see I stuck with IPFire.

I checked your settings and checked mine; as far as I can see they are good to go.
I am trying again that strange website that is able to fool the URL filter and hope I can see what they are using to do that.

Max, thanks for your help, info and advice!