URL blocking 101

I’ll save you some time – this thread doesn’t solve the problem of URL hostname wildcard blocking.

Win XP SP3
CIS 8.0.4508 (8.0.2.4508 ?)

Is there a painless way to block sites via URL? Do I configure the URLs as a Global Rule or use Website Blocking?

I tried blocking the sites below via URL (I tried some in Global Rules, others in Website Blocking). Some seem to block okay; others are ignored.

cloudfront.net
1e100.net
akamaitechnologies.com
(this is a partial list, I have a few others I want to block)

I also tried blocking some of the above via IP but it quickly gets way out of hand.

A pointer in the right direction would be very much appreciated.

Thanks,
Bob

URL = hostname in the above context, e.g. amazonaws.com

Do the above in Website filter but add like this:
*.amazonaws.com*
*.cloudfront.net*
*.1e100.net*
*.akamaitechnologies.com*

> Do the above in Website filter but add like this: *.amazonaws.com* *.cloudfront.net* *.1e100.net* *.akamaitechnologies.com*

I'll try it. Thanks for the help.

Bob

Is there any reason why a particular hostname can’t be filtered?

Out of the above list I chose one host, cloudfront.net, and set up a category and a rule for it.

Here’s my filter list (in the order they appear in the category):
.cloudfront.net
cloudfront
cloudfront.net

I shut down all the running programs and rebooted (clean starts are good). After the reboot I ran FireFox and went to whois.arin.net (it’s a clean page, no ads or external connections that I’m aware of).

I opened a DOS prompt and ran Windows NetStat like so: netstat -bv to get a list of connections and the DLL/EXE’s associated with each connection.

Here’s what I saw:

  Proto  Local Address  Foreign Address                                        State        PID
  TCP    ws1:1253       server-54-192-39-218.jfk1.r.cloudfront.net:https       SYN_SENT     2340
  C:\WINDOWS\system32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Mozilla Firefox\nss3.dll
  -- unknown component(s) --
  [firefox.exe]

  TCP    ws1:1254       server-54-192-39-218.jfk1.r.cloudfront.net:https       SYN_SENT     2340
  C:\WINDOWS\system32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Mozilla Firefox\nss3.dll
  C:\Program Files\Mozilla Firefox\xul.dll
  -- unknown component(s) --
  [firefox.exe]

  TCP    ws1:1026       localhost:1027                                         ESTABLISHED  2340
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Mozilla Firefox\nss3.dll
  C:\Program Files\Mozilla Firefox\xul.dll
  -- unknown component(s) --
  [firefox.exe]

  TCP    ws1:1027       localhost:1026                                         ESTABLISHED  2340
  C:\WINDOWS\system32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Mozilla Firefox\nss3.dll
  C:\Program Files\Mozilla Firefox\xul.dll
  -- unknown component(s) --
  [firefox.exe]

The PID 2340 is firefox.exe V38.0.1. The “localhost” connections are not a problem. It’s the first two connections I have the problem with.

I’m at a loss to explain what’s happening here. Something (what?) is not doing what it’s supposed to be doing.

In the above netstat listing I don’t know what the “-- unknown component(s) --” entries are.

I have the firewall logs too if anyone wants to have a look.

I think I’m getting a headache. Any pointers or directions would be very much appreciated.

Thanks,
Bob
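
An added example, not part of the original thread: a small Python parser for `netstat -bv` output like the listing above that reports which executable holds connections to watched domains. The sample text is constructed from the thread's listing and the function names are hypothetical. Note that netstat's Foreign Address names come from a reverse DNS lookup on the remote IP, so they can differ from the hostname the program actually requested.

```python
import re

# Constructed sample in the `netstat -bv` layout quoted in the thread.
SAMPLE = r"""
Proto Local Address Foreign Address State PID
TCP ws1:1253 server-54-192-39-218.jfk1.r.cloudfront.net:https SYN_SENT 2340
C:\WINDOWS\system32\mswsock.dll
C:\Program Files\Mozilla Firefox\nss3.dll
-- unknown component(s) --
[firefox.exe]

TCP ws1:1026 localhost:1027 ESTABLISHED 2340
C:\WINDOWS\system32\WS2_32.dll
[firefox.exe]
"""

# State is optional because UDP rows have none.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per connection row, with the [exe] line that follows it."""
    conns, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            remote = m.group(3).rsplit(":", 1)[0].lower()  # drop the :port suffix
            current = {"proto": m.group(1), "remote": remote,
                       "state": m.group(4), "pid": int(m.group(5)), "owner": None}
            conns.append(current)
        elif current is not None and (m := OWNER.match(line)):
            current["owner"] = m.group(1)
    return conns

def in_domain(host, pattern):
    """Label-aligned suffix match: the domain itself or any subdomain of it."""
    # Accepts cloudfront.net, .cloudfront.net and *.cloudfront.net* alike.
    domain = pattern.lower().strip("*.")
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def flag(conns, watchlist):
    """Connections whose remote name falls under any watched domain."""
    return [c for c in conns if any(in_domain(c["remote"], d) for d in watchlist)]

if __name__ == "__main__":
    for c in flag(parse_netstat(SAMPLE), ["cloudfront.net", "1e100.net"]):
        print(c["owner"], c["pid"], c["state"], c["remote"])
```
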

Not sure, I don’t think you can block hostnames like that using website filter, rather the website filter needs the actual domain which in this case is whois.arin.net and not cloudfront, if I’m not mistaken.

Oops, I should have been more clear. The two cloudfront.net connections in the above listing appear before any web pages are loaded.

It appears FF, for some reason, is making connections into cloudfront.net. Since I really don’t know the purpose or content of the connections, I’d like to prevent them.

Bob

I’m not sure then. I assume that you add the website in question to a new category for the Web Filter and then add it to Blocked websites list?

I created a new category (Sites To Block) and added it to the Blocked Sites rule. I left the Restrictions set to Block for the Everyone user and logging is enabled. The Blocked Sites rule is enabled (has the green switch set to on).

It doesn’t seem to want to block that hostname for some reason.

Bob

Maybe I should have asked this question first – has anyone been able to block cloudfront.net? Every way I’ve tried to block it, using a hostname, hasn’t worked. Hmmm.

Is it possible wildcard matching (.somesite.com) isn’t working correctly? Just a thought.

Thanks for your help.

Bob

Never got hostname blocking to work correctly. The wildcards don’t seem to function properly. Oh well, I’m back to using IP range blocking. It works great. Lots of work though.

Thanks,
Bob

What would be really awesome is if, when I go to a website, I could right-click on the URL and block/unblock it via the Comodo Firewall right there and then, instead of opening up the program and going through all the menus. Perhaps even a browser plugin that imports/exports these to the firewall would do.

Perhaps there already is one and I am just not aware of it. Or it’s a feature idea for the suggestions portion of these forums.

There is currently no such feature. As you’ve pointed out, you may create a wish for it if you want.

The source of the above problem was two web sites I use on a daily basis. I usually start them up about 9am and leave them running all day. Up until about 8 weeks ago this wasn’t a problem. Then, for some strange reason, I started seeing daily DSL data totals increase by 5-10 times. Obviously something, somewhere changed.

It turns out this started happening right after an update to FireFox. Oh stupid me had FF ‘auto-update’ enabled - bad idea it turns out. Something in the new version I got had been changed. I don’t know what and I still haven’t found the exact problem.

FF, even if you disable all external-access options, insists on calling out to a few websites. It might be getting update data for something, I don’t know. I looked through tons of options in about:config and followed FF’s instructions for disabling external access, mostly to no avail.

You see, the problem I have with a piece of software making external calls is I really don’t know what it’s sending/receiving. It might be transferring my source code to some off-shore group. Or maybe grabbing my confidential proposals and posting them to FaceBook. Or it could be DLing porn to my system (hey, wait a second…). Because I don’t know what’s moving through the connection I can’t trust it.

At least the FF people could post a list of external sites that FF contacts. Then when FF hits the firewall I’ll have a bit of a clue. C’mon guys, help us out a little.

I’ve managed to choke off the data flow to a reasonable level. It’s not great but I can live with it.

(BTW CIS hostname wildcards don’t exactly work as the help docs say. website.com does not fire no matter what I do. I must have missed something in my configuration.)

Bob

I may have got the idea of website filtering wrong:

Does the filtering apply just to web sites entered into the FF address bar? And to Bookmarked sites? Does the filtering also apply to URLs (hostnames) embedded in HTML code?

I think I digested the filter help page wrong. It would explain a few things.

Thanks,
Bob