To accomplish this you would use URL Path Mode. The PATHs you specify need to match exactly to what is shown in the browser in order to work. More Information: https://www.tp-link.com/us/configuration-guides/configuring_behavior_control/?configurationId=18570#_idTextAnchor000

  @HellBent 

 

Thanks HB for your time.

 

I found one sentence in the document, related to what I think should work for me:

 

   URL Path: If a website address is the same as any of the entire URLs, the policy will be applied to this website.

 

So I tried three different test URLs ( I put the entire URL in the [Filtering Content] box ), and none were blocked :

 

https://www.tp-link.com/us/business-networking/omada-sdn-router/

https://www.tp-link.com/us/support/

https://www[dot]wsj[dot]com/?mod=nav_top_section

 

* note : The "https://" and the last "/" gets stripped from the [Filtering Content] box.

 

I think I need an example of what works from anyone.

 

Thanks in advance.

  @TCrain 

 

In a URL like https://community.tp-link.com/en/

 

https:// = Protocol

community = Sub-Domain

tp-link.com = Domain Name

en = Path

/ = Root Directory of the Path (Web Browsers work with or without the trailing slash and it all depends on how the web developer formatted their hyperlinks)

 

https:// and / get striped because URL filtering matches text and does not need the Protocol or the trailing /

 

Test using a HTTP site if you can find one. If that works then it means the ER7206 cannot analyze encrypted HTTPS traffic

  @TCrain 

 Well HB, you nailed it! 

 

I tried http://www [dot] testingmcafeesites [dot] com/testcat_an.html and it was blocked!  I'd always thought with HTTPS, the "GET <URL>" command was sent and the results where encrypted.  Because that's what's in the WireShark packet trace.

 

Yet for the documentation, it should be updated to include this inability to function as advertised when HTTPS is involved.

 

Yet for me, BTF what's next.   

  @TCrain 

 

In most Content/Web Filters, HTTP sites are blocked by examining the Host field of the GET request. HTTPS sites are blocked by examining the Server Extensions field in the Client Hello message and/or the CN in the Server Hello message. I have also found most Content/Web Filters can block HTTP by default, but HTTPS blocking has to be enabled manually if the feature exists. You are going to have to wait and see if they add support for HTTPS.

 

With that said, I find TP-Link equipment is not released "Full-Featured" to the market. You need to wait for the slow firmware releases. Their business routers are meant for Basic Small business needs. If you have any cybersecurity compliance requirements, I would recommend upgrading to an Enterprise Grade Router/Firewall like a SonicWALL. You can also try other 3rd party content filters. Some managed Anti-Virus applications allow you to block content as well.

  @HellBent 

 

I bought this thing in January just to filter out Websites and URLs.  Mostly because of the purchase price and annual support costs of a real firewall.

 

So I'll start looking elsewhere and at other devices.

 

Thanks HB for sharing your Knowledge!