http/s block
Prerequisites
- I have checked the Wiki and Discussions and found no answer
- I have searched other issues and found no duplicates
- I want to request a feature or enhancement and not ask a question
The problem
Good day! Please tell me, is it possible to block Internet access for all computers except one, but so that filtering rules from the blacklist and user rules would still work for the excluded computer using AdGuard Home? I solved this issue like this: I banned access to top-level domains and made an exception rule for one PC, but at the same time DNS blacklists stopped working, since they are in the .ru, .com, .net zones. Can you tell me if there is any other solution?
Proposed solution
Add a button like "Disable internet access" or "Block all http/https requests" in client settings
Alternatives considered and additional information
No response
Use the client allow/deny list...??
Custom filtering rules use only
||pro^$denyallow=keenetic.pro
||.io^$denyallow=adguard-dns.io
||.ua^
||.de^
||.fr^
||.se^
||.cn^
||.cz^
||.ws^
||.show^
||.watch^
Are you wanting to block access to internet/dns via AGH to all but one PC?
True, but I also wanted DNS blacklists for this computer to work.
So add it to the device allowlist.
This will block all other devices except for that one.
Can you tell me where I can find it? Is it client settings in main settings?
Settings - DNS Settings - Access Settings - Allowed Clients
Oh THNX so much!
You do realize that it is nearly impossible to block internet access only through a DNS server, right?
You'd need to block at the firewall level too, which would probably be more effective anyway...
If you do not specifically block all DNS (UDP/TCP, DOT, DOQ) they'd be able to just point at any other DNS. And even with blocking, it is almost impossible to block DOH, unless you have a MITM proxy, but then I'd just block on there instead to begin with...
Yeah, I understand that. I mean http/https web surfing.
AGH would restrict everything Domain name based, though, not just http/https... Again, a firewall or proxy (or both) would be better suited for that. Block outbound traffic on all ports, only open up dedicated hosts/ports as needed, force all web traffic through a filtering proxy.
And even if you intend to only let that one host out, and keep the rest contained, a firewall would still be better suited for enforcing that goal.
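
A sketch of the firewall-side enforcement suggested in the last comments, as an added example that is not part of the original thread: an nftables ruleset for a Linux router. The interface names and addresses are assumed placeholders, and AdGuard Home is assumed to run on a separate host in the same LAN subnet, so client-to-AGH DNS never crosses the forward chain.

```nftables
#!/usr/sbin/nft -f
# Constructed example; every name and address below is an assumed placeholder.

define LAN_IF  = "br-lan"        # LAN-facing interface (assumed)
define WAN_IF  = "eth0"          # WAN-facing interface (assumed)
define AGH_IP  = 192.168.1.2     # host running AdGuard Home (assumed)
define ALLOWED = 192.168.1.50    # the one PC allowed out (assumed)

table inet lan_lockdown {
    chain forward {
        # Default deny: anything not accepted below is dropped. The inet
        # family covers IPv6 as well, so there is no IPv6 path around it.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were already permitted.
        ct state established,related accept

        # AdGuard Home itself must be able to reach its upstream resolvers.
        iifname $LAN_IF oifname $WAN_IF ip saddr $AGH_IP accept

        # Attempts by the allowed PC to use an outside resolver directly
        # (plain DNS on 53, DoT on tcp/853, DoQ on udp/853) are counted and
        # dropped, so the counters show whether something tries to bypass AGH.
        iifname $LAN_IF ip saddr $ALLOWED udp dport { 53, 853 } counter drop
        iifname $LAN_IF ip saddr $ALLOWED tcp dport { 53, 853 } counter drop

        # The allowed PC gets outbound web traffic only.
        iifname $LAN_IF oifname $WAN_IF ip saddr $ALLOWED tcp dport { 80, 443 } accept

        # All other LAN hosts match nothing above and hit the drop policy.
        # DoH still rides on tcp/443 here; as noted in the thread, stopping
        # it takes a filtering proxy rather than a port rule.
    }
}
```

With a ruleset like this in place, `nft list table inet lan_lockdown` shows the drop counters for the resolver-bypass rules.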