====== Access Restriction ======

The Access Restriction menu contains functions that let you block:

  * Access to the entire Internet.
  * Access to portions of the Internet.
  * WiFi access to the network.

Access Restriction **rules only apply to HTTP (unencrypted) connections**. However, almost all web connections now use HTTPS (secure HTTP). As a result, this function is somewhat obsolete in terms of its ability to block Internet content.

Restrictions are done based on rules and a schedule. Access Restriction only blocks traffic routed outbound to the Internet. It **cannot** restrict access between (switched) LAN clients. It also cannot block traffic when the device is used as a wireless bridge. For such scenarios, see the HOWTOs entitled: [[wireless_filtering|Wireless MAC filtering via script/scheduler]] and [[device_filtering|Block devices via script/scheduler]].

Rules can be customized to block:

  * Only certain sources
  * Only certain destinations
  * Only certain ports
  * Only certain protocols or applications
  * Only certain HTTP activity
  * Combinations of the above

Rules can be edited in the Web interface, and through scripts. See this HOWTO: [[access_restrictions|Scripting Access Restrictions]].

===== Access Restriction Overview =====

The table here displays all saved rules, both active and inactive. Adding or editing a rule forwards you to another menu where you edit it.

{{:access_restriction_overview_cropped.png?775}}

===== Editing Access Restriction Rules =====

After clicking on the Overview table mentioned above, you will be taken to the Rule Editing page. Here:

  * To delete an existing rule, click on it on the Overview menu, \\ then in Rule Editing, click **Delete**.
  * To **Edit** an existing rule, click on it on the Overview menu, \\ make the changes and click Save.
  * To **Add** a new rule, click the //Add// button on the Overview menu, \\ configure the changes and click Save.
  * On the Rule Editing page, sequential rule numbers will display \\ at the top left (for example: ID: 01).
  * These numbers will increment by 1 for each new rule you create.

{{::access_restriction_editing_cropped.png?700x593}}

**Enabled:** checking this enables this rule.

**Description:** here, you enter a name for this rule.

**Schedule:** here, configure the schedule settings for this rule.

  * All Day - checking this applies the rule for the entire day \\ (for all days selected in the Day section). Enabling this \\ makes the Time options disappear.
  * Every Day - checking this applies the rule every day. \\ Enabling this makes the Days options disappear.
  * Time - here, set the start time/end time the rule will be applied.
  * Days - here, set the Days on which this rule will be applied.

**Type:**

  * Normal Access Restriction - sets the rule to include all \\ options set below the "Disable Wireless" option.
  * Disable Wireless - this rule will disable all router WiFi interfaces.

**Applies To:**

  * All Computers/Devices - this rule will apply to all network clients.
  * The Following... - the rule will apply to only the specified network clients.\\ Add clients by entering their MAC or IP address in the MAC/IP Address field, \\ then clicking //Add//. Clients must be added one at a time.
  * All Except... - the rule will apply to all network clients except the one specified.\\ Think of this as similar to a client whitelist. \\ Add clients by entering their MAC or IP address in the MAC/IP \\ Address box, then clicking //Add//. Clients must be added one at a time.

**Blocked Resources:**

  * Block All Internet Access - blocks all Internet access to the selected clients.

**Port / Application:** More than one rule can be configured; click the //Add// button to add a rule.

  * Protocol - choose a protocol to block. Choosing a \\ protocol with fixed ports will grey out the port field.
  * Port - select a source port/destination port. \\ Then, enter the port number in the next box. \\ This may be greyed out if you chose a fixed protocol \\ in the Protocol field.
  * Application - select which application to block.
  * Address - select source and/or destination IP address, \\ then enter the IP address in the next field.

**HTTP Request:** In this field, enter the text on which the Access Restrictions in this rule will be applied.

For example:

An entry that contains: "%%^begins-with.domain%%" will block access to any domain that starts with the text "begins-with".

An entry that contains: "%%.ends-with.net$%%" will block any domain that ends with "net".

An entry that contains: "%%^www.exact-domain.net$%%" will block any entry that begins with "www.exact-domain" and ends with ".net".

**HTTP Requested Files:** This function will block downloads of certain file types, including:

  * ActiveX - this will block Windows controls (which usually have \\ an .ocx or .cab file ending).
  * Flash (swf) - this option will block Flash .swf files.
  * Java (class, jar) - this option blocks Java (usually class or .jar) files.

**Delete:** deletes the Access Restriction rule displayed on the screen.

**Save:** saves the current rule displayed on the screen.

**Cancel:** cancels the current rule change(s)/creation, returns you to Access Restriction Overview.
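
The HTTP Request entries above and the HTTP-only limitation noted at the top of this page can be seen together in the following added example, which is an illustration written for this page and not FreshTomato's own code. The function names (''entry_matches'', ''visible_host'', ''blocked''), the literal-text treatment of entries and the substring behaviour for entries without a marker are assumptions; both payloads are constructed samples.

```python
# Added illustration, not FreshTomato code. Payloads below are constructed samples.

def entry_matches(entry: str, host: str) -> bool:
    """'^' = begins-with, '$' = ends-with, both = exact, per the page's examples.
    Assumption: an entry with neither marker matches anywhere in the hostname."""
    starts, ends = entry.startswith("^"), entry.endswith("$")
    text = entry[1:] if starts else entry
    text = text[:-1] if ends else text
    if not text:
        return False  # a bare "^" or "$" carries no text to compare
    if starts and ends:
        return host == text
    if starts:
        return host.startswith(text)
    if ends:
        return host.endswith(text)
    return text in host


def visible_host(payload: bytes):
    """Return the Host header of a plaintext HTTP request, or None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not lines[0].rstrip().endswith((b"HTTP/1.0", b"HTTP/1.1")):
        # Not a plaintext request line, e.g. a TLS record: with HTTPS the
        # HTTP request travels inside the encrypted stream.
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def blocked(entries, payload: bytes) -> bool:
    """True when the payload is plaintext HTTP and its Host matches an entry."""
    host = visible_host(payload)
    return host is not None and any(entry_matches(e, host) for e in entries)


ENTRIES = ["^begins-with.domain", ".ends-with.net$", "^www.exact-domain.net$"]
# Constructed plaintext HTTP request
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: www.exact-domain.net\r\nAccept: */*\r\n\r\n"
# Constructed, truncated start of a TLS ClientHello record
TLS_REC = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(32)

if __name__ == "__main__":
    print("HTTP request blocked:", blocked(ENTRIES, HTTP_REQ))
    print("TLS record blocked: ", blocked(ENTRIES, TLS_REC))
```

Note that under this model "%%.ends-with.net$%%" does not match the bare host "ends-with.net", because the entry's leading dot is part of the compared text.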