← Back to Docs

Parental Controls

How It Works

Parental controls in TLSOps are DNS-based, powered by AdGuard Home. When a device queries for a blocked domain, TLSOps returns a blocked response before any TCP/UDP connection is made. The block is enforced at the network layer and applies to every app and browser on the device — no per-app configuration required.

Setting Up Filtering for a Device

  1. Go to the Devices tab and click the device you want to filter
  2. Click the Filtering tab on the device card
  3. Enable the content filtering categories appropriate for that device: Adult content, Social media, Gaming, etc.
  4. Click Save — filtering applies immediately

Safe Search and Safe Browsing

Enable Safe Search to force Google, Bing, DuckDuckGo, and YouTube into their safe-search modes. Enable Safe Browsing to block domains associated with phishing and malware. Both can be applied per device.

Service Blocking

Block entire services by name — social media platforms, gaming networks, or video-streaming sites. TLSOps uses maintained domain bundles so the block covers all subdomains and CDNs without manual list management.

Per-Device Filtering Profiles

Each device has its own filtering profile. Children's devices can have strict filtering while adults on the same network remain unrestricted. Changes take effect immediately with no reconnection needed on the client.

What Is Not Supported

  • Time-based rules (blocking after a certain hour) are not currently supported
  • TLSOps already blocks common encrypted-DNS bypass paths such as UDP 443 and TCP or UDP 853. If an app is pinned to a known HTTPS resolver domain, use DNS Rewrites to intercept that resolver domain if needed.