RegEx question: How to allow only a certain path (and sub-paths) of a domain but not above?

Dear Community,

I assigned a kid's device to group "kiosk", and to that group I assigned the blacklisted RegEx . (period, i.e. deny everything) and the whitelisted RegEx (\.|^)zdf\.de/kinder$ (from a German TV channel).

My plan is to allow only access to (www.) and paths below this (e.g. but to not allow access to (www.) and to (www.)<anything else than 'kinder/*'>.

However, this does not work, and even after studying the rich available information about RegEx and examples, I have not managed this, i.e. as long as I do not also add the whitelisted RegEx (\.|^)zdf\.de$, the to be allowed path cannot be accessed; thus, everything (also above) can be accessed, which I do not want.

Hopefully, I have described my problem precisely enough and well to understand. Thanks for sharing your thoughts with me how/where to further adjust my RegEx! :slight_smile:

Pi-hole is a DNS resolver, i.e. only deals with the domain/hostname lookup to an address. It doesn't and can't know anything about path portions of URLs.

1 Like

Ah, I should have known this, sorry! :blush: Despite this might then be OT here, do you or anyone else have some hint for me how to achieve what I have planned?

I am already successfully using Pihole to allow the kids' devices access only whitelisted domains, but if an additional tool could help, I would be glad to hear about it. Thank you.

In case your router is a Fritz!Box, why not configure the “Internet > Filter > Kindersicherung” feature for the device in question? There may be similar features present in other routers…

You may search this forum to find similar discussions about the limits of DNS-filtering for parental control and some leads to related additional sources, but your question may be more well-suited for a forum specialising in parental control.

Note that as far as DNS filtering is concerned, by itself it wouldn't be sufficient to excercise parental control on your kid's devices.
You should consider other network-side measures as well as in-built parental control support of certain OSs.