This setup has failed twice for me; for two different routers. Now I hear that this might be a problem with HTTPS rather than the routers. I'd love to hear from experts about a potential solution for me.
Problem
I want to limit Internet access for some of the PCs in my local network to a small set of websites. For example, those particular PCs should be able to access google.com, khanacademy.org and a handful of other sites, but nothing else.
Approach
Routers provide two types of Parental Controls called Blacklists and Whitelists. Whitelists provide exactly the feature that I need; i.e. I can type in a list of allowed websites for a MAC address and router will then not allow that machine to access any other website.
Failure
I have tried it with two routers from two different companies; one was Archer D7 from TP-LINK whereas the second one was EG8247H5 from Huawei. Both provide black and white list features in Parental Control, but none of them actually works. Having a whitelist configured for a machine's MAC address doesn't change anything about that machine's Internet access. All websites remain accessible as if there were no whitelists.
New Theory
I contacted my ISP about the problem. They told me that filtering Internet access is mostly not possible because of HTTPS. The information packet is encrypted end-to-end and therefore router has no way of knowing the server name that is being accessed, thereby making this white-listing feature totally useless. I argued that if that were the case, why did the router company added this option in the first place, to which they said that some high-end models from the company actually have specialized hardware that can dig deep into those packets and fetch destination server name from it, but the companies in order to save money deploy one generic software for all their models that includes all features, even the ones that are not supported on low-end models.
I don't know how realistic this story is; whether the ISP is just trying to play games or if this actually is the case. Has anyone successfully configured router-level white-listing and if yes, what router did you use (just to prove that HTTPS story is not true).