I've done some thinking and there is a very simple reason why it doesn't work...
The webstr extension looks at the HTTP header to see the host. On HTTPS connections this doesn't work because all data, including the header, is (obviously) encrypted.
I agree that's why, and iptables won't help for that. But it's possible to filter it on the DNS lookup (which doesn't use encryption), and not return a DNS address. (Although I'm not sure how DNS requests are sent. It could be very difficult to determine a DNS request from any other TCP request.)
In either case, a solution like OpenDNS would work, but can be circumvented by doing a DNS lookup manually (using one of many web services).
Actually, even in HTTPS requests, the destination IP address is visible (obviously, how would the router know where to send it). You could block the IP addresses of any given DNS. (Although, a lot of big sites have a ton of random IP addresses, and it would be a big deal to do it all manually. It would be convenient to have a script that constantly checks the domains - and subdomains - on a regular basis, and keeps the iptables updated accordingly.)
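A sketch of the kind of script the last post wishes for, added here as an example and not written by anyone in the thread: it re-resolves a domain list and works out which iptables rules to add or delete since the previous run. The chain name `BLOCKED_SITES`, the function names and the sample domains and addresses are assumptions; the script only prints the commands instead of running them.

```python
import socket

CHAIN = "BLOCKED_SITES"  # hypothetical dedicated chain, jumped to from FORWARD


def resolve_ipv4(domain):
    """Return the set of IPv4 addresses for domain, or None if the lookup fails."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    return {info[4][0] for info in infos}


def plan_updates(domains, previous, resolve=resolve_ipv4):
    """previous maps each domain to the addresses blocked for it on the last run.
    Returns (commands, current): the iptables commands that bring the chain up
    to date, and the mapping to store for the next run."""
    current = {}
    for domain in domains:
        ips = resolve(domain)
        # A failed lookup keeps the last known addresses instead of unblocking them.
        current[domain] = previous.get(domain, set()) if ips is None else ips
    old = set().union(*previous.values())
    new = set().union(*current.values())
    commands = [f"iptables -A {CHAIN} -d {ip} -j REJECT" for ip in sorted(new - old)]
    # An address is removed only when no listed domain resolves to it any more.
    commands += [f"iptables -D {CHAIN} -d {ip} -j REJECT" for ip in sorted(old - new)]
    return commands, current


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), so this runs offline.
    fake_dns = {"a.example": {"192.0.2.11", "198.51.100.5"}, "b.example": None}
    last_run = {"a.example": {"192.0.2.10", "192.0.2.11"}}
    cmds, state = plan_updates(["a.example", "b.example"], last_run, fake_dns.get)
    print("\n".join(cmds))
```

Blocking by address also blocks every other site hosted on the same address, and a single lookup only sees the addresses the resolver returned at that moment, so the list stays incomplete for sites that rotate through many addresses.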