Pseudo Web Blocking / Policies with Scheduling


When it comes to website blocking, there are a handful of ways you can do it and very few that can do it successfully, especially at the HTTPS level, without creating in-line/connectivity/reliability/bottlenecking/performance challenges. While PiHole is a DNS server (with value-added benefits), it would be great if policies were introduced as a new feature.

My thought would be the ability to set BLACKLIST/BLOCKING for a given domain based on the client making the request. For example, if I have a certain client on my network, identified via hostname/IP address/subnet, I could blacklist DNS resolves for them, but everyone else would get a valid DNS resolve.

Use cases I am thinking of are policy blocking for my kids. I run pfSense with squidproxy and squidguard, but it doesn't work very well when it comes to blocking HTTPS. I would love to just flat out block various domains for their computer while everyone else (wife and I) have the ability to continue resolving as usual. Perhaps even the ability to leverage something like Shalla Blacklist (http://www.shallalist.de/) to block categories in the policy.

A time-based policy would be nice. They tend to be YouTube junkies and we try to block it after 7pm during weekdays. It would be great if I could create a scheduled policy that says: X host can DNS resolve *.youtube.com BETWEEN 08:00 - 19:00 SUN-SAT. If I had a policy with a scheduling option, I could in theory add all my Amazon Fire TV Sticks, their computer, etc. to the scheduled policy and block resolving one or multiple domains for them during a scheduled window. The same goes for domain category policy blocking: I can help control access to various sites or web proxies.

The only challenge I can think of is any potential local caching on the network clients, but in my testing it seems like most of my embedded device timeouts are very short. I would love to hear other people's insights/feedback on such a feature request, especially gaps I am missing/not considering.
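A sketch of the per-client, scheduled policy requested above, as an added example that is not part of the original post and is not Pi-hole code. The `Policy` and `decide` names, the addresses and the 300-second upstream TTL are hypothetical, and the allow window is assumed not to cross midnight. The answer's TTL is capped at the next window boundary so that client-side caching cannot carry an allowed answer past the cutoff.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:                      # hypothetical structure, not a Pi-hole type
    clients: tuple                 # CIDR strings the policy applies to
    domains: tuple                 # "youtube.com" also covers *.youtube.com
    allow_days: frozenset          # weekday numbers, Monday=0 ... Sunday=6
    allow_from: time
    allow_until: time

    def applies(self, client, qname):
        name = qname.rstrip(".").lower()
        in_scope = any(ip_address(client) in ip_network(c) for c in self.clients)
        # Match on a label boundary so "notyoutube.com" is not caught.
        return in_scope and any(name == d or name.endswith("." + d)
                                for d in self.domains)

    def allowed_at(self, now):
        return (now.weekday() in self.allow_days
                and self.allow_from <= now.time() < self.allow_until)

def decide(policies, client, qname, now, upstream_ttl=300):
    """Return (action, ttl) for one query from one client at time `now`."""
    matching = [p for p in policies if p.applies(client, qname)]
    if not matching:
        return "ALLOW", upstream_ttl          # everyone else resolves as usual
    action = "ALLOW" if all(p.allowed_at(now) for p in matching) else "BLOCK"
    ttl = upstream_ttl
    for p in matching:
        for edge in (p.allow_from, p.allow_until):
            boundary = datetime.combine(now.date(), edge)
            if boundary <= now:               # already passed today
                boundary += timedelta(days=1)
            ttl = min(ttl, int((boundary - now).total_seconds()))
    return action, max(ttl, 1)

# Constructed sample: one host and one small subnet, 08:00-19:00, SUN-SAT.
KIDS = Policy(clients=("192.168.1.50/32", "192.168.1.64/28"),
              domains=("youtube.com",), allow_days=frozenset(range(7)),
              allow_from=time(8, 0), allow_until=time(19, 0))

if __name__ == "__main__":
    for hh, mm in ((18, 58), (19, 30)):
        print(decide([KIDS], "192.168.1.50", "www.youtube.com",
                     datetime(2024, 1, 10, hh, mm)))
```

The TTL cap only bounds caches that honour TTLs; a client that pins answers longer, or that uses a different resolver, is outside what a DNS-side policy can enforce.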