The web content filtering is a clever way to ensure that the client devices won’t get infected by malicious third-party software by either blocking a set of host names, IP addresses or entire categories. And this shouldn’t necessarily be limited only to potentially dangerous malware-ridden sites, it can also be adult content, gambling websites or any other type of site that you deem to be unsuitable to be accessed by the people in your network.
The web content filtering has been for a very long time a standard feature on most routers and it seems to have evolved from the basic manually-added keywords lists to constantly updated databases which are used in real-time. At the same time, the manufacturers really do like to push subscription-based features into the mainstream, so a lot of mesh WiFi systems lack a robust and comprehensive web content filtering.
Others router manufacturers have shamelessly stripped a good web content filtering implementation to then be sold back to you at a monthly fee. So, assuming that this is a feature that’s important to you, let’s explore what some of the main router manufacturers have to offer in terms of web content filtering and what better, as well as cheaper alternatives there are on the market.
Content filtering on an Asus router
Even if it may not be immediately obvious, Asus doesn’t offer its entire suite of software features on the cheaper WiFi 6 routers, so make sure to check whether the router that you intend to get has the AiProtection Pro or the Classic set of features. The good news is that both options offer category-based content filtering which can be found underneath the Parental Controls and it’s possible to choose which client device will be affected by content category limitation.
The four main categories are Adult (that also include gambling and violent content), Instant Message and Communication which are quite broad and include not only social media applications, but also blogs and Internet Telephony. This way, you can limit the access of your children to content you deem problematic. The third category is P2P and File Transfer which are excellent to limit the possibility of getting malware or viruses on your network – it will also work great at blocking the access to torrent websites.
The fourth one is Streaming and Entertainment and this is obviously tailored for office computers, where distractions may limit the productivity. These categories use Asus lists that are constantly being updated, so it should be fine in most situations. If that’s not enough, Asus has included far more options with its AiProtection suite. For example, the RT-AX82U that I used for this article offers Malicious Sites Blocking which essentially negates the need to choose a certain category or enter keywords manually because the router has your back and protects all your devices from accessing websites that have been flagged to contain malware, phishing, adware and so on.
Then, there’s the Two-Way IPS which should analyze each data packet and see if there is any malicious code slipping in. This way, you should be protected from DDoS attacks, as well as spam. Of course, it’s not a system that can compare with the Suricata or SNORT, but it’s still an additional layer of protection.
And no, not every packet is actually being analyzed because if it did, then you’d need to use modern Desktop PC hardware-level devices, not the weak, but more power-efficient consumer-based router. Lastly, there’s the Infected Device Prevention and Blocking which should be able to detect any infected device that’s in the network and block it from spreading the infection further into the network.
I noticed that the RT-AX55 was limited to the AiProtection Classic, so I assumed that the non-U models offer less in terms of software features, but then I saw that the Asus RT-AX53U also had the AiProtection Classic suite, so it’s just for the cheaper models. What’s missing is the Two-Way IPS. Will you miss it? Probably not, but yeah, be aware that it’s not present on the cheaper models – I suspect the hardware is not that powerful enough.
Content filtering on a Netgear router
I have criticized Netgear’s approach to how it made the Netgear Armor a subscription-based suite of features. And I also made a somewhat comprehensive comparison to the Asus AiProtection. Sure, it had some advantages, but overall, it was on par with what Asus was offering, so are Netgear routers cheaper? Hahaha, of course not.
In any case, let’s see what Netgear has to offer by default, ignoring the subscription-based features. I took the Netgear AX5 as an example and, on the web-based interface, I went to Advanced > Block Sites and it was possible to add the keyword or domain name that I wanted to be blocked all the time or on schedule. And there is also the possibility to add Trusted IP addresses. Besides keywords and host names, it’s possible to also Block Services. Indeed, Netgear wants you to do everything manually, so, while there is web content filtering on its routers, the manual labor is not going to be fun.
I suppose you could copy and paste a list of all know problematic websites, but who actually has the time to update it, not when the Netgear Armor comes to the rescue. If you pay for it. I mean, the web content filtering doesn’t get better, but the light IPS system makes a comeback to check some data packets for malicious code, there is web protection from known compromised websites and there is also the possibility to detect any infected devices from your networks.
The Netgear Armor will also block them. I suppose I should mention the URL Filtering feature, but yes, overall, you do need to pay for some proper web content filtering which may be annoying when other brands offer it as a part of the default package of features. I was wondering if a cheaper Netgear router would have different options, so I took the RAX10 out of the box to see what its web-based interface has to offer. I am sorry to have gotten your hopes up because it’s the same boring manual labor intensive web content filtering.
Content filtering on a TP-Link router
TP-Link has been a bit more conservative in its approach to the subscription-based features. Yes, they used to have a similar set of security features to the AiProtection when they were partnered with TrendMicro, but that went away after a few years and the new routers are less equipped. But did it have any impact on the content filtering? I used the TP-Link AX73 as an example, since it’s a mid-to-high range WiFi 6 routers and, using the web-based interface, I had to go to Security and find Access Control.
Here, I could block the access to certain devices to the network, but there was no web content filtering at all. This potentially makes TP-Link the worst offender since it completely removed the feature all together. Still, I didn’t want to jump to conclusions, so I checked the app – some manufacturers hate it when you’re not using their app because you know that tasty metadata is really tasty, so maybe TP-Link does offer this feature with its Tether app.
After checking the app, there is a section called Parental Controls within the Tools, but it will only allow you to create a whitelist of websites that your children can access. Again, borderline useless manual labor. So, to get proper web content filtering, you do need to install HomeShield. The good news is that there is a free version which includes a lot of important features such as Network Security Scan, the possibility to Block Websites and what they call the ‘Professional Content Filter’.
It’s very similar to what Asus offers since you can select between various categories, such Adult Content, Gambling, Social Networking Media, Downloads, Games and more. It’s also possible to block certain websites (not just a whitelist) and set a Bedtime schedule. The funny thing is that you can’t set time limits because that’s part of the Pro subscription. The HomeShield Pro will also add IoT security, malicious content filtering and port intrusion prevention.
Complementary web content filtering with PiHole
Yes, there’s additional cost to the hardware if you prefer to run it on a Raspberry Pi, but PiHole has access to a comprehensive list of websites that it will be blocked network-wise at the DNS level. And it’s free – you could just buy the developers a coffee. Furthermore, the cheery at the top is that you can also block ads, again, at the router level. So, all devices that are connected to your router will get less ads, have malicious websites blocked and you also get a log of what every device is doing on the network.
And that’s without any annoying monthly subscription. Overall, I think that Asus is ahead of the other (popular) consumer-based brands out there and, if you decide to use an Asus router alongside PiHole, you get the winning formula. If you have the budget to go above these types of routers, there is always the security gateways + wireless access point which do a far better job at keeping your network protected and to limit the access to certain domains for your client devices.
If you’re interested, you can always check out devices such as the Zyxel USG Flex 100.