DrayTek DNS Filter
SSL/TLS ("HTTPS") Sites & DrayTek DNS Filter
Concerns regarding privacy and security have increasingly led to web sites moving their services to web servers that offer SSL/TLS connections as standard. SSL/TLS connections are those prefixed with https:// or commonly shown with a 'padlock' symbol in your browser.
SSL/TLS is a protocol that allows communication to be secured by encryption so that it can't be read by a third party - anyone in between you and the server. This security also extends to the actual URL (web address) that the user enters, which has an impact on web content filtering methods that categorise websites based on the URL that is being accessed.
The Keyword matching URL Content Filter is unable to make web content filtering decisions for HTTPS requests because the web address is encrypted. DrayTek's Globalview is also affected but the Globalview servers have other methods which can assist with categorisation decisions even when the URL is encrypted.
However, a new feature called DNS Filter is now available on various DrayTek products.
When a PC tries to access a web site, it always has to convert that web address into an IP address (e.g. 126.96.36.199) first. It does this with a DNS lookup, which is made before the SSL/TLS connection is established, so the router can see which hostname is being requested. The IP address itself cannot be encrypted by SSL/TLS either, because your router has to know where to send the data.
DrayTek's new DNS Filter examines all DNS lookups that your PCs make and then makes categorisation or content filtering decisions based on them. DNS Filter can be used with both the Keyword matching URL filter (whitelists/blacklists) and the Globalview Web Content filter.
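The idea described above can be illustrated with a short added example (not DrayTek's implementation): it reads the hostname out of a plaintext DNS query and applies a keyword whitelist/blacklist decision to it. The keyword lists, function names and sample hostnames are assumptions constructed for the illustration.

```python
import struct

# Constructed sample policy (assumption): keyword lists in the spirit of a
# whitelist/blacklist filter; this is not DrayTek's actual rule format.
BLOCK_KEYWORDS = ("gambling", "casino")
ALLOW_KEYWORDS = ("casino-museum.example",)


def build_query(hostname, txid=0x1234):
    """Build a minimal plaintext DNS A-record query (constructed test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(packet):
    """Extract the queried hostname from the question section of a DNS query."""
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        # Query names are plain length-prefixed labels; reject anything else.
        if length & 0xC0 or pos + 1 + length > len(packet):
            raise ValueError("compressed or truncated label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos >= len(packet):
        raise ValueError("truncated QNAME")
    # DNS names are case-insensitive, so normalise before keyword matching.
    return ".".join(labels).lower()


def filter_decision(packet):
    """Return (hostname, 'allow' | 'block'); whitelist wins over blacklist."""
    name = parse_qname(packet)
    if any(k in name for k in ALLOW_KEYWORDS):
        return name, "allow"
    if any(k in name for k in BLOCK_KEYWORDS):
        return name, "block"
    return name, "allow"
```

The decision is made from the hostname alone, so it applies equally to http:// and https:// sites, but it cannot distinguish between individual pages on the same host.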
Details explaining how to set up DNS Filter on your router model are available in the knowledgebase.