URL Filtering now only works in Firefox
I previously had URL filtering to completely block tiktok and numerous other URLs associated with TikTok. As far as I could tell, things worked fine, except on mobile devices which it never worked on.
Yesterday however I noticed hardwired PCs were able to visit tiktok. I confirmed the URL Filtering rule was the same as it was previously. The only change was an update I ran for deep packet inspection.
Oddly, I notice when trying to visit tiktok in Firefox, I receive the error I would get previously "Secure Connection Failed", unable to connect.
However in Brave, Edge, and Chrome I can access the website (And any website I try to block). Changing the block to another website like Yahoo produces the same result. Blocked in Firefox, reachable through every other browser.
I have completely cleared the cache of each browser (Cookies, Site Data, History, browser dns cache) and flushed DNS. The result is the same.
Another device on the same LAN has the same experience, blocked in Firefox, unblocked in everything else.
I even installed Google Chrome (Having never been installed on this machine previously) which was able to 'bypass' the block.
When Googling someone mentioned "URL Filtering doesn't work with HTTPS", yet somehow it did previously? At this point I am at a loss and curious what could be causing this or how it is even possible.
Hi @db0330
Thanks for posting in our business forum.
Is there an update to the Chromium-based browsers?
TLS 1.3, if you disable that, will the URL filter work effectively?
I think the problem originates from the browser after gathering some further information about this.
A new firmware will be coming soon regarding this browser update problem. Will release the firmware on the forum once I am informed.
Hi @db0330
Thanks for posting in our business forum.
Post what you have been configured for the Tiktok. In the guide I have written previously, I have explicitly asked anyone who intends to block sites like YouTube or any big company software/app, you are supposed to look up all the related domains and block them. Simply blocking Tiktok.com would not take effect at all.
CDN vs regular domain is different.
It is no longer a matter of you upgrading/downgrading the router to test if the URL filter is broken or not.
If you have done this, it only indicates that the rules you use expire.
Note that the URL is not static. They may add/change that or the stream URL. As for the URL filter, the maintenance of the rule should be done by you if you notice that fails.
For example:
Hi @db0330
Thanks for posting in our business forum.
Is there an update to the Chromium-based browsers?
TLS 1.3, if you disable that, will the URL filter work effectively?
I think the problem originates from the browser after gathering some further information about this.
A new firmware will be coming soon regarding this browser update problem. Will release the firmware on the forum once I am informed.
Clive_A wrote
Hi @db0330
Thanks for posting in our business forum.
Post what you have been configured for the Tiktok. In the guide I have written previously, I have explicitly asked anyone who intends to block sites like YouTube or any big company software/app, you are supposed to look up all the related domains and block them. Simply blocking Tiktok.com would not take effect at all.
CDN vs regular domain is different.
It is no longer a matter of you upgrading/downgrading the router to test if the URL filter is broken or not.
If you have done this, it only indicates that the rules you use expire.
Note that the URL is not static. They may add/change that or the stream URL. As for the URL filter, the maintenance of the rule should be done by you if you notice that fails.
For example:
@Clive_A
Thanks for your reply. I have seen your posts when googling the issue and couldn't quite understand why the URL Filtering worked previously (and continues to work in just Firefox). Per your guide and numerous posts my URL Filter rule has a ton of URLs I've found to be related to TikTok (In this example). I'll post that later today. As far as the "ERR_Connect_Reset", my understanding was this showing in Firefox is the URL Filtering actually working. I only receive this error in Firefox, when visiting blocked URLs. Any other website loads without issue.
If I change the URL Filter to block another website (Yahoo, Reddit, etc.) Firefox gives me the "failure to connect" message (Which I thought should be expected). But in any Chromium browser (Chrome/Edge/Brave) I am able to visit the sites as if there is no URL Filter.
I will check the setting you mention and post my URL config, and check the TLS config in each browser. Thank you very much!
@Clive_A Simply because I said I would, here is my config for anyone who comes across this thread in the future. I do remember I followed your guide when I first set it up. As you mentioned it probably isn't a complete list but has served me well enough until experiencing this issue. I'll have to come up with a more complete list somehow.
I looked and there were no updates for either Brave/Edge/Chrome. I checked the flags for all TLS 1.3 settings in each browser and as mentioned above disabling the "TLS 1.3 hybridized Kyber support" flag solved the issue. As far as looking up all related domains, what tool are you using in the screenshot you provided?
Thank you very much for your help!