I've been looking everywhere for this. Does anyone know how to block a specific URL on a DD-WRT router? For example, I want to block website.com/whatever but not website.com, blah.website.com, or website.com/blah. Is there a way to do this, or can you only block the whole domain?
I tried adding the URL in question under Access Restrictions in the DD-WRT configuration but it doesn't seem to have any effect. Here are my settings:
and here is the list of clients:
I can still easily browse to google.com/imghp and google.com/images (which redirects to google.com/imghp) on my main PC with IP address 192.168.1.146.
On this page of the DD-WRT wiki, it says "Under Website Blocking by URL Address, enter in the domain name(s) you wish to block (if any)." This, in addition to posts on the DD-WRT forums, gives me the impression that you can only block domains under Access Restrictions in the DD-WRT setup.
I'm starting to wonder if this problem must be solved using iptables, or possibly by installing a proxy server on the router itself.
EDIT
User goli on the DD-WRT forums had this to say on the matter (link):
There's a Privoxy version that runs on DD-WRT quite well. I just installed it.
Privoxy has a parameter "accept-intercepted-requests 1" that allows to use it as a transparent proxy.
I added a single iptables rule that passes some web traffic requests to the proxy instead of directly routing it:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -s 192.168.0.128/255.255.255.224 -j DNAT --to 192.168.0.1:8118Privoxy has so called "actionfiles." Those define what to do when a request URL matches a given regular expression. One of the possible actions is "block."
Since then, I've been working on figuring out how to install Privoxy on the router. It's rather complicated, especially since I don't have enough spare flash memory to install it via SSH using ipkg. (See this question on Super User.)
My second approach is to use the Firmware Modification Kit, which you can read about here. I've had some difficulty flashing a custom build, but once I get it all sorted out I'll post my results here.
Best Answer
Unfortunately, the impression I get (from the DD-WRT forums) is that you can only block domains under Access Restrictions in the DD-WRT setup.
I've decided instead to set up a dedicated proxy server with DansGuardian installed on it, which will allow me a fine level of control, and block any requests that don't go through the proxy on the router using iptables in OpenWrt.