1

The desired flow is:

  1. I define websites forbidden to a specific Android device.
  2. If a specific Android device tries to browse them, block them. But but send a notification to another device/pc (preferably through a website) that can approve them temporarily.

It would be nice if it supported paths (like if it starts with facebook.com/something/posts/ then no, but if it starts with facebook.com/marketplace then yes).

If you offer a DNS service, the nice part will probably not be possible. But even more so, how can it limit just 1 device without letting the device remove the DNS settings?

Improve this question
3
  • The path of the URL is not accessible as it is protected within the TLS tunnel. Breaking TLS is no longer possible on stock Android devices that uses apps from Google Play. Therefore the "nice part" is not possible.
    – Robert
    Commented Nov 26, 2023 at 23:39
  • Please state more about the specifics of your use case, especially how far you want to go in terms of money or hardware, and sophistication.
    – Marcel
    Commented Nov 27, 2023 at 15:15
  • Well, free as in the title and tag and no software per the forum. Just something that will block a few chosen sites for a specific device and let me easily control it remotely.
    – LWC
    Commented Nov 27, 2023 at 15:27

1 Answer 1

Reset to default
1

If you really want go down the rabbit hole, a professional proxy service with deep packet inspection is inevitable.

If it's more like for parental control for a younger kid, Pihole is your friend. You can

  • define arbitrary blocklists
  • define device groups based on IP-Address
  • assign the blocklists to groups

Using this, you can block access to a specific domain for your single android device. I guess this is the best you can get for free / with cheap hardware.

I use this to block YouTube on my children's devices.

Requirements:

  • For device-specific blocks, you need to have a static IP assigned to the device in question, and set the DNS entry to your PiHole's IP address. (Any DHCP server allows this, but it must be configured)

Limitations:

  • There is an updated list of blocked domains, from which you can approve each one, but you don't get notified specifically.
  • As there is no packet inspection, it's either block or allow, not regarding the URL path
  • A sophisticated user could circumvent the DNS resolver, and either use IP addresses, or locally configure a different resolver altogether (on newer Android devices at least)
Improve this answer
7
  • But the internal IP address might be dynamic (due to auto DHCP). Also, does Pi-hole allow to approve certain paths in otherwise blocked domains? And does it accept notifications so I can approve blocked links momentarily?
    – LWC
    Commented Nov 27, 2023 at 13:51
  • I'll update the answer for your comment.
    – Marcel
    Commented Nov 27, 2023 at 13:53
  • Thanks! So no notifications for momentarily approvals. Can it accept a device name instead of IP? And regarding the path question?
    – LWC
    Commented Nov 27, 2023 at 14:01
  • You can configure device names in the DHCP service, which the PiHole displays, or override these names in PiHole, if you like. No path inspection, as the PiHole does not see the actual request, only the DNS request.
    – Marcel
    Commented Nov 27, 2023 at 14:05
  • I can't configure such if the IP is dynamic (and if it's not, I might as well use IP). In any case, out of what I've mentioned it offers a custom block list by IP/name. Do free cloud based DNS services allow blocking by - maybe not internal IP but any unique entity?
    – LWC
    Commented Nov 27, 2023 at 14:16

Not the answer you're looking for? Browse other questions tagged or ask your own question.