Cannot ban/block BBC news site.

[jebus197]

^ what part of blocking an IP do you people not understand.. he wants to just block www.bbc.co.uk/NEWS not www.bbc.co.uk

This is not possible via IP, if he blocks the IP or resolves to the wrong IP for that host www.bbc.co.uk sure he will not have access to /NEWS but he wont have access to www.bbc.co.uk either.

If you have changed your mind and your ok with blocking the whole SITE bbc.co.uk -- then do that via your host file or router if supports it or for that matter opendns, etc. BTW I don't believe opendns will block www.site.tld/NEWS -- I don't see how its possible, its DNS service not a webfiltering server(proxy).. If you when your machines wants to go to www.bbc.co.uk it gets the IP for that Fully Qualified domain name via dns.. Which is going to be exactly the same if you want to got to www.bbc.co.uk/NEWS

as to this statement "but I have a dynamic IP and there's no IP updater agent that I know of for Ubuntu./"

So -- how often does your IP change??? I have had the same dynamic IP for prob a year now, only reason it changed is I changed the interface on my router so my mac changed - if I wanted to keep the old one I could of change set its mac to my old one, etc.

Just because your ISP assigns you an IP via dhcp does not mean its going to change -- is your router on 24/7/365?? Then highly doubt it will change ever! And if it does, ok then access the opendns site and it will update your IP. the only reason you would have to worry about updating opendns with your IP is if your IP was changing daily.. Which might happen if you actually turn off your router or if directly connected via your PC with no router, etc. If you device is turned off for an extended period.

If you want to just block /NEWS your going to need use something that blocks specific URI, if your router does not do it - and you don't like the perfectly good solution I already gave you - the firefox addon with warning messages turned OFF.

Blocking just /NEWS is not possible via hosts file, firewall, opendns or any other name resolution, IP blocking solution.. Now if your ok with blocking the whole site www.bbc.co.uk, bbc.co.uk, bbci.co.uk, news.bbc.co.uk, etc.. then sure that can be done with host file, router even it sounds like, opendns, etc. keep in mind that machine will cache the IPs to these sites so changing your host file will not instantly block it, you would have to clear its local cache (reboot would do it) Even doing it on your router if this is dns based, your client will still have it cached -- so again, going to have to clear the local machines cache. Same goes for opendns.

But if you just want to block specific URI here is another solution

This should work and exactly what you ask for blocking sites that waste your time ;)

https://addons.mozilla.org/en-us/firefox/addon/leechblock/

LeechBlock is a simple productivity tool designed to block those time-wasting sites that can suck the life out of your working day. All you need to do is specify which sites to block and when to block them.

As to what your router can do -- what is the exact make and model number of your router so we can look at the manual for it and see!

Erm I haven't looked at my router in years. It's quite old, but I finally found it. Yeah it's been switched on since forever. http://www.usr.com/support/product-template.asp?prod=5461

I thought he wanted to block all the BBC content stuff because he was flicking back and forth. Blocking the IP range would block access to most if not all of the BBC hosted sites and content.

No it was just the news. Their news site is huge.

Anyway in the end it just became a typically obsessive geek battle on how to effectively block a specific web site - without blocking the whole domain. Previously I would have thought this was possible - and desirable in some situations, particularly for admins. But it seems to be a lot more difficult than you might think.

I'm not sure if it's possible to block a specific website like this in Windows 7 Firewall? (Advanced configuration?) I don't use windows much, but it would be weird if you could do it in Windows but not in Linux.

[+BudMan MVC]

Well I just took a look at that routers demo web ui

http://www.usr.com/support/5461/5461-ui/index.html

And it has NO support for what your wanting to do.. It has no support from what I see of blocking even IPs -- you can block specific device on your network from accessing the internet in general, you can block machines on your network from accessing say FTP or HTTP, HTTPS, etc. But you can not block from going to specific IPs

The only way I can see blocking anything on that router would be to setup a static route on the IP for the IP/network to go to the wrong place.. You could block bbc.co.uk that way -- but it would block Everything on that specific IP, or network, etc.. Not what you want from my understanding.

You could get a better router that has the functionality you want ;) You can use the either of the 2 addons I pointed to, or you could run a proxy like squid and block them that way.

edit:

"Anyway in the end it just became a typically obsessive geek battle on how to effectively block a specific web site - without blocking the whole domain. Previously I would have thought this was possible - and desirable in some situations, particularly for admins. But it seems to be a lot more difficult than you might think.

No it is quite EASY to do -- if you have the right tools!! Companies use specific content filtering software - ie a PROXY!! Websense is major player in the commercial market. For the DIY tech there is SQUID - squidguard, for example.. If I wanted to block it on my network it would take like 10 seconds to setup. Add the squid/squidguard package to my router and block the specific URI's I wanted to block - done.

Doing it at the browser level would not be the best solution no matter if home or a work network -- if you have need of filtering web content, then you need to use the correct TOOL is all.. A firewall is not the correct tool, a proxy is the correct tool for filtering webcontent. Now some Firewall packages might include web filtering in their feature set.. But as I already went over a firewall blocks/allows protocols, IPs, ports. What wanting to do is block access to basically TEXT that rides on/in the http protocol on port 80..

You are accessing a webserver using HTTP (tcp port 80) This webservers name resolves to a specific IP -- what your saying is allow access to 80, allow access to that IP -- but block "CONTENT" from /news that that server serves up.. That is NOT the job of a firewall, that is NOT the job of DNS -- to do that sort of thing you using a PROXY that is looking at the content of HTTP protocol.

Now they do have a specific FQDN that you can block with dns or IP and that is news.bbc.co.uk -- that you via your host file, opendns, etc. But those are not going to stop you from access bbc.co.uk/NEWS

Which is really CNAME for

;; QUESTION SECTION:

;news.bbc.co.uk. IN A

;; ANSWER SECTION:

news.bbc.co.uk. 900 IN CNAME newswww.bbc.net.uk

;; QUESTION SECTION:

;newswww.bbc.net.uk. IN A

;; ANSWER SECTION:

newswww.bbc.net.uk. 300 IN A 212.58.244.59

So if you don't want to be able to get to news.bbc.co.uk host then block that IP at your firewall, or have it resolve to wrong IP..

So in you hosts file put

127.0.0.1 newswww.bbc.net.uk news.bbc.co.uk

Then clear you cache -- ie reboot your box!! Now ping news.bbc.co.uk -- if it returns 127.0.0.1 then your NOT going to be able to access that website, if resolve to its true ip then you did something wrong ;)

[jebus197]

Well I just took a look at that routers demo web ui

http://www.usr.com/support/5461/5461-ui/index.html

And it has NO support for what your wanting to do.. It has no support from what I see of blocking even IPs -- you can block specific device on your network from accessing the internet in general, you can block machines on your network from accessing say FTP or HTTP, HTTPS, etc. But you can not block from going to specific IPs

The only way I can see blocking anything on that router would be to setup a static route on the IP for the IP/network to go to the wrong place.. You could block bbc.co.uk that way -- but it would block Everything on that specific IP, or network, etc.. Not what you want from my understanding.

You could get a better router that has the functionality you want ;) You can use the either of the 2 addons I pointed to, or you could run a proxy like squid and block them that way.

That's just a very edited version of the original guide - which doesn't seem to exist any more.

Take a look at these screens.

Does this look in anyway relevant? The Inbount and outbond configuration screens are identical. Clearly what I tried didn't work.

[+BudMan MVC]

sure you can block the IP for news.bbc.co.uk if you want with those.

Seems it wants atleast 1 condition.

So I would just put in that one specific IP with a netmask of 255.255.255.255 which means that exact IP and not a network.

if you want to fill out more, the destination port would be 80

Not sure where you got that IP your listing - I show this IP

newswww.bbc.net.uk. 300 IN A 212.58.244.59

What is the problem with that is that IP could change.. see that TTL of 300 seconds -- they might change it quite often, which would be a reason for such a small TTL.

Your better of blocking it based on name resolution in that case.

So edit your hosts file and point both the name and the cname to 127.0.0.1 and then ping it and you should see it come back 127.0.0.1

example

***********

budman@ubuntu:~$ ping news.bbc.co.uk

PING newswww.bbc.net.uk (212.58.246.80) 56(84) bytes of data.

64 bytes from bbc-vip001.cwwtf.bbc.co.uk (212.58.246.80): icmp_seq=1 ttl=48 time=135 ms

64 bytes from bbc-vip001.cwwtf.bbc.co.uk (212.58.246.80): icmp_seq=2 ttl=48 time=138 ms

^C

--- newswww.bbc.net.uk ping statistics ---

3 packets transmitted, 2 received, 33% packet loss, time 6934ms

rtt min/avg/max/mdev = 135.048/136.932/138.817/1.920 ms

budman@ubuntu:~$ echo "127.0.0.1 news.bbc.co.uk newswww.bbc.net.uk" >>/etc/hosts

-bash: /etc/hosts: Permission denied

budman@ubuntu:~$ sudo su

[sudo] password for budman:

root@ubuntu:/home/budman# echo "127.0.0.1 news.bbc.co.uk newswww.bbc.net.uk" >>/etc/hosts

root@ubuntu:/home/budman# cat /etc/hosts

127.0.0.1 localhost

127.0.1.1 ubuntu.local.lan ubuntu

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts

127.0.0.1 news.bbc.co.uk newswww.bbc.net.uk

root@ubuntu:/home/budman# ping news.bbc.co.uk

PING news.bbc.co.uk (127.0.0.1) 56(84) bytes of data.

64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.519 ms

64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.111 ms

^C

--- news.bbc.co.uk ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 0.111/0.315/0.519/0.204 ms

root@ubuntu:/home/budman#

******************

Notice how that IP is different that what I grabbed before and different than what you used -- they must be changing it quite often!! So that prob why your block on your router will fail!!!

So in the above example I added the 127.0.0.1 for those hosts to my hosts file. I need to sudo up to have permissions, then verified it was in my hosts file with a cat, then notice when I tried to ping it - it now resolve to 127.0.0.1 -- so there is NO way that box is going to be able to access news.bbc.co.uk thats for damn sure.

But the problem with that is I would still be able to access www.bbc.co.uk/NEWS

[jebus197]

Yeah, cheers dude. The router block failed as predicted. I'm happy enough with the two extensions you pointed me to. I have them both, so it's a double reminder to pull my thumb out my butt and get on with what I need to do. I'm certainly not alone in my problem, as these are very popular extensions and every guy reading this has probably been addicted to some kind of Web site at one point or other.

It used to be Neowin for me (for several years, I'm not as new a member as I might look lol), then it was digg, then reddit. I weaned myself off of these by taking a similar approach. (I wish it was as simple to do this with some of the more 'adult' free video sites there are, but I have learned trying to do this really is pointless. Heterosexual guys are hard wired to want to look at pretty naked young women lol, so even if you last a week, you will always go back and unblock them.)

As for the BBC, you have to take your hat off to them. They seem almost bomb proof, lol. I guess they make it deliberately hard to block them as they have this thing about being the 'voice of the free world' etc. (Whether it's true or not is another matter.) But It does make you wonder if an admin at work wanted to do it, how he would go about it?

[+BudMan MVC]

"But It does make you wonder if an admin at work wanted to do it, how he would go about it? "

I already went over it - it would take 10 seconds.. With the right tools!

[jebus197]

"But It does make you wonder if an admin at work wanted to do it, how he would go about it? "

I already went over it - it would take 10 seconds.. With the right tools!

You mean an admin would use simple plugins/extensions to block a specific web site but not the entire domain? They're pretty easy to overcome - by for example using another browser (as I discovered, as I remembered I also had Chromium installed, and ended up having to attempt mirror my FF set up, with equivalent Chromium extensions too). Even then there are portable browsers one can use. Then I remembered I had a virtual machine running Windows XP, so I ended up copying my FF profile to that too. Also if you were really determined, you could run Foxyproxy, or use a free web proxy. (Although clearly I wouldn't do any of this.)

Either way I think the lesson is it's damned hard to block a web site, especially one like the BBC news site (and the BBC in general), which provides multiple modes to access it and multiple IP addresses (I found at least ten separate IP addresses on their domain that accessed the main BBC news web site - and I suspect as you said that these probably do regularly change too.)

I haven't excluded myself completely though. I still have my Windows partition, so if I was ever desperate to read about an important world event, I suppose I could always use this. (Although again I doubt I'll do this often). I just wanted to sanitise my system a little and prevent the habit of 'casual clicking' on my own most common links. It just gives me a little bit of pause for thought about what I'm doing and enough encouragement to break the habit.

While this started out as an exercise on how to block some annoying web sites, it rather ended up becoming a somewhat obsessive exercise in learning how this could be achieved. I wonder if the Chinese government have as equally difficult a time?

PS

This also does mean after today that I will probably add Neowin to my blocklists. :-(

[TurboTuna]

No, its not difficult. You just appear to lack the understanding needed to acomplish such a task. Content Filters/Proxies are the main method of filtering sites/urls/domains/anything in the corperate world.

If you're honestly going through this much trouble to put a block into place that you're only going to bypass yourself you need to take a look in the mirror and have a word with yourself, clearly.

[+BudMan MVC]

"You mean an admin would use simple plugins/extensions to block a specific web site but not the entire domain? "

Where did I say anything of the sort?? I clearly went over how it would be done in a work environment -- WITH A PROXY!! Content filtering solution designed for the enterprise, ie something like websense or webwasher, etc. etc.

as example; one customer I support uses hosted websense.. Proxy in the cloud sort of thing -- they lock down their firewalls to only allow access to proxy IPs and port 8081, 8082 -- its impossible for a user to access a website without going through this proxy.. Since their firewall only allows you to talk to said proxy.. If proxy oks sitex.com/whatever then you can access it -- if proxy says NO, then you are not accessing it.. It takes like 10 seconds to block or whitelist any sort of specific URI

So I can block access to /NEWS or news.bbc.co.uk but allow access to bbc.co.uk/somethingelse just fine.

"Either way I think the lesson is it's damned hard to block a web site"

Again UTTER NONSENSE!!! If done at the gateway -- that is not some POS home router its simple as pie.. As already mentioned if you REALLY don't want anyone going to anything.bbc.co.uk you can just block their whole netspace

What your wanting to block ie /NEWS off some domain -- you need the right TOOLS!!! and then its quite simple! Fire up a squid proxy on you network and see how is it to block stuff - its kids stuff!

Those addons are fine for someone with the self control of monkey with a bunch of bananas in front of him, but they are NOT how its done in the real world at all.. use the right tool for the job -- what your asking is how do I screw in my straight head screw, and you want to do it with a phillips head and a hammer.

[jebus197]

No, its not difficult. You just appear to lack the understanding needed to acomplish such a task. Content Filters/Proxies are the main method of filtering sites/urls/domains/anything in the corperate world.

If you're honestly going through this much trouble to put a block into place that you're only going to bypass yourself you need to take a look in the mirror and have a word with yourself, clearly.

I don't need the insult thanks. Like I said this became more of an exercise on how to achieve this because it's a useful thing to know how to do (to block a web site if you have to), and my original question had little to do with it. I thought it would be easy. But clearly others here found it challenging too.

If I look in the mirror I'm happy enough with what I see. I think you should direct your small tight mouthed comments to the guys on here with post counts in the thousands, or the 10's of thousands. Not just here, but on 100's of thousands of similar forums across the web. (In fact you aren't doing too badly on that score yourself mate.)

The objective for me was simply to block a small annoyance. That's why web filtering extensions like this exist. I suggest it's you who needs a reality check if you don't think there are guys who do waste too much of their time on the internet (and in pointless debates like this.) and who wouldn't benefit from a little bit of self-imposed filtering.

Like I said everything is working more or less the way I want it. So problem solved.

[jebus197]

"You mean an admin would use simple plugins/extensions to block a specific web site but not the entire domain? "

Where did I say anything of the sort?? I clearly went over how it would be done in a work environment -- WITH A PROXY!! Content filtering solution designed for the enterprise, ie something like websense or webwasher, etc. etc.

"Either way I think the lesson is it's damned hard to block a web site"

Again UTTER NONSENSE!!! If done at the gateway -- that is not some POS home router its simple as pie.. As already mentioned if you REALLY don't want anyone going to anything.bbc.co.uk you can just block their whole netspace

What your wanting to block ie /NEWS off some domain -- you need the right TOOLS!!! and then its quite simple! Fire up a squid proxy on you network and see how is it to block stuff - its kids stuff!

Well that's what I'm trying to learn - aswell. It's not just about preventing some annoying web sites. I just think it would be a useful thing to learn how to do. Lol. If Squid proxy (specifically) had been mentioned originally, maybe this could all have been resolved a lot quicker.

So I assume that does filtering? I'll look into it. Thanks.

[Fred Derf Veteran]

Wow, now he's wasted a lot of time trying to block himself from wasting time. I'm not sure much progress was made here. Sometimes the best solutions are not technological.

[+Frank B. Subscriber²]

To the OP: What you're trying to do is overkill. Learn to restrain yourself. Close the browser when you need to concentrate on studying.

<insert comment about the youth of today here>

[jebus197]

Wow, now he's wasted a lot of time trying to block himself from wasting time. I'm not sure much progress was made here. Sometimes the best solutions are not technological.

Lol, I somewhat agree. However I also wanted to learn how to effectively filter a web site. So it became more than just the original question.

But you're right. You have to be damn careful on these forums, as even 'simple' questions like this can lead you down a long and winding road. Like almost everything to do with computers, what you think will take 10 minutes, often ends up taking 4 or 5 hours.

When I'm rich enough (if that ever happens) and I don't have to use computers any more, I think I will throw mine into the sea.

In any case like I said, this web site is now also blocked. Posters are starting to veer off from the original question and having little personal jibes. It's exactly that kind of stuff that taught me not to spend too much time posting on forums originally.

[+BudMan MVC]

If Squid proxy (specifically) had been mentioned originally, maybe this could all have been resolved a lot quicker.

I clearly stated it in post #11 of this thread

https://www.neowin.net/forum/topic/975926-cannot-banblock-bbc-news-site/page__view__findpost__p__593702304

What your looking to do is block on specific URI -- which not the function of a firewall, that is a content filters via a proxy, you could do it with squid proxy for example.

Only reason It took that long is trying to tell you what you did wrong in your hosts file, etc.

BTW - I stated it again in #27

https://www.neowin.net/forum/topic/975926-cannot-banblock-bbc-news-site/page__view__findpost__p__593702992

or you could run a proxy like squid and block them that way.

Same post

For the DIY tech there is SQUID - squidguard, for example.. If I wanted to block it on my network it would take like 10 seconds to setup. Add the squid/squidguard package to my router and block the specific URI's I wanted to block - done.

So it seems other than your complete lack of any self control ;) You also lack basic reading comprehension ;) hehehe

[jebus197]

I clearly stated it in post #11 of this thread

https://www.neowin.net/forum/topic/975926-cannot-banblock-bbc-news-site/page__view__findpost__p__593702304

What your looking to do is block on specific URI -- which not the function of a firewall, that is a content filters via a proxy, you could do it with squid proxy for example.

Sorry I missed that part. Lol. Thanks. Like I said I'll look into it. There's also something else called Dansguardian. I'll look into that more when I have time too.

Anyway thanks for everything.

Bye.

[+BudMan MVC]

yeah dansguardian requires a PROXY ;)

Software Requirements

* Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, Solaris or HP-UX.

* GNU C++ (The one that comes with RedHat Linux 8 is perfect). Only required if you are not going to use an RPM or other package.

* Squid or oops for the proxy.

Ok just to follow through -- this is how freaking easy it is with the RIGHT TOOLS!! So I installed the squid and squidguard packages (squidguard just makes it easier to create rules, use external blacklists, categories, etc.) Its like dansguardian

So installed the packages - 2 minutes tops.. No reboot or anything ;) Click -- they install

Create custom category, put in my bbc.co.uk/news url set that category to be denied.

Now look at there - I can access bbc.co.uk but not /news

Total time maybe 5 minutes -- Use the right tools, EASY!!