Hi all. Please advise how to block a website (YouTube/FaceBook, etc) on a Ruckus ZD1112 ZoneDirector?

  • 2
  • Question
  • Updated 1 year ago
  • Answered
Website access restriction required.
Photo of Bradley Abrahams

Bradley Abrahams

  • 5 Posts
  • 1 Reply Like
  • Good

Posted 2 years ago

  • 2
Photo of Max O'Driscoll

Max O'Driscoll, AlphaDog

  • 332 Posts
  • 81 Reply Likes
Unless I've missed the feature in the last 4 years of usage this is not something you can do with a ZD.

It configures your APs, creates WLAN, allows/restricts clients, allocates bandwidth and frequencies, schedules and numerous other useful bits but upstream Internet sites is proxy/webfiltering stuff not ZD.

There might be some highly creative workaround...but that's for the clever folk to comment on.
(Edited)
Photo of Erotavlas

Erotavlas

  • 7 Posts
  • 0 Reply Likes
Hi,
I solved by using filtering at DNS level. In particular, I'm using openDNS free service https://www.opendns.com/home-internet-security/ that allows fine-grade blocking or preconfigured filtering at DNS level without any fee.
On the ZD you have only to change the DNS IP to 208.67.222.222 208.67.220.220
Best Regards
Photo of Bradley Abrahams

Bradley Abrahams

  • 5 Posts
  • 1 Reply Like
Thanks Max. Much appreciated.
Photo of Shrenik Jain

Shrenik Jain

  • 9 Posts
  • 1 Reply Like
IF these feature is included than it would be surely of a great sell value . BUt than it will increase complications in the device and Ruckus would need additional expertise for the Firewall Features . this could change the focus form Wifi . Hence I feel that Ruckus should continue to do its work on Wifi only . 
Photo of Erotavlas

Erotavlas

  • 7 Posts
  • 0 Reply Likes
Hi,
I solved by using filtering at DNS level. In particular, I'm using openDNS free service https://www.opendns.com/home-internet-security/ that allows fine-grade blocking or preconfigured filtering at DNS level without any fee.
On the ZD you have only to change the DNS to 208.67.222.222 208.67.220.220
Best Regards
Photo of Bradley Abrahams

Bradley Abrahams

  • 5 Posts
  • 1 Reply Like
Good point Shrenik. Would still be a good feature, especially in an educational environment.
Photo of Erotavlas

Erotavlas

  • 7 Posts
  • 0 Reply Likes
Yes, I agree with you. I'm working in a school and I was looking for a way to block services like whatsapp, facebook, youtube, instagram and so on.
I found how to block facebook and instagram by configuring application denial policies. It is very straightforward. However, I could not block whatsapp and youtube in the same way. I tried also to block the services by using port based rules and by following these guides https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp and https://stackoverflow.com/questions/9342782/is-there-a-way-to-get-all-ip-addresses-of-youtube-to-blo.... without success.
Any suggestions?
Thank you
Photo of Tuananh Nguyen

Tuananh Nguyen

  • 7 Posts
  • 1 Reply Like
Typically this stuff is hashed out at the firewall level, not the wireless equipment level. Otherwise it'd be stuck only blocking wireless devices.
Photo of Erotavlas

Erotavlas

  • 7 Posts
  • 0 Reply Likes
Thank you for the links. I will take a look in particular at pfSense.
Yes if you have money and you can afford such cost, it would be perfect a dedicated hardware solution.
I do not agree with you about circumvent solutions. Yes you can use a proxy or VPN or maybe you can also use TOR. The problem of all of these solutions is that the majority of app and website does not work with them so they are dummy solutions not real ones.
Photo of Lukas

Lukas

  • 24 Posts
  • 4 Reply Likes
I think you never really used a web-proxy, did you? Because nearly all web proxy are able to hande facebook and youtube and that's what students want to use (and you want to block). Just try google and you'll see.
And again: if you are able to buy ruckus, why not a proper firewall?
Photo of Erotavlas

Erotavlas

  • 7 Posts
  • 0 Reply Likes
Hi,
maybe you did not read my previous posts of this thread. I quote my self:

I found how to block facebook and instagram by configuring application denial policies. It is very straightforward. However, I could not block whatsapp and youtube in the same way.
So facebook and instagram are directly blocked by ruckus while youtube cannot .
be blocked.
For both wired and wireless devices of the school I can successfully block any kind of app and service at DNS level as explained before. In this case the users cannot change IP-DNS setting.
Regarding to mobile devices, students can try any kind of solution in order to bypass DNS or firewall filtering as you said. I confirm that apps as Orbot, TOR for Android, are very slow. A very useful, free and fast VPN and web proxy service is VPNbook https://www.vpnbook.com/.
However, after that I will implement all the filters, I will make some test and I will report here. As further limitation our guest wifi for students' mobile devices has very limited bandwidth.
At the moment our school is out of money with respect to time in which ruckus was bought (second hand).
Best Regards
Photo of Lukas

Lukas

  • 24 Posts
  • 4 Reply Likes
Ok, you might want to keep the following things in mind for your tests (there are based on my situation):
  • There are proxys,which aren't blockable by dns like this web proxy http://proxydisk0.appspot.com/ . This proxy is running on google App Engine (which is also used on many many other websites) and must be blocked on URL or Application-Filter level. Other websites/proxys are running on Amazon Cloud (AWS) services which also cannot be blocked by DNS.
  • Some Web-Sites allow to enter their corresponding IP into the browser to open it (we thought not only about youtube, but adult/file-sharing as well). When I did my tests I think that WhatsApp was such a case. 
  • To block torrents you need a clever firewall as torrents are usually capable of circumventing port-based or DNS-filteres firewalls (Popcorn Time!). In my country it is very popular to send out legal warnings to everyone who used torrents and each warning costs about 300$ (either you pay or you consult a lawer, which also needs money). Thereby it is not important that the full file was downloaded, even the access of one byte is "charged". And this can get expensive. Therefore one of my headmasters condition for running a WiFi for our students was that this will never happen.
  • When our studends learned in information science to build basic websites, at least one student per year installed a proxy on a free web hoster to prove to his classmates how dumb the admin of the network is. Actually I didn't like that :). Advanced firewalls are able to detect those custom proxys by pattern matching.
Therefore: I would highly recommend as soon as there is at least a bit of money: buy a firewall like this (there are other options depending on your contry): http://www.amazon.com/Fortinet-FortiGate-30D-Security-Appliance-FG-30D/dp/B00EZV3HKA/ref=sr_1_1?ie=U...
Photo of Michael Brado

Michael Brado, Official Rep

  • 2022 Posts
  • 283 Reply Likes
Ruckus frowns on SPAM on the Forum, but mostly for competitor adverts.
Your suggested different cost FW products are acceptable, being benevolent in nature.