You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems to me that using this script drastically reduces the browsing performance. I guess it has to do with the fact, that the browser tries to create a connection to localhost and waits till the timeout.
So I'm wondering if it would be possible to create windows firewall rules (using New-NetFirewallRule from the NetSecurity powershell module) instead of the hosts file.
I think this could result in a better performance, since the firewall would block the request with an HTTP 403(?) right away; instead of waiting for a timeout. It would also enable to add the rules to the AD domain and distribute it within a company network.
The text was updated successfully, but these errors were encountered:
MovGP0
changed the title
Performance promlem
Performance problem
Jun 9, 2022
In other words the firewall cannot block on domain name level but on ip address level. This would lead to more problems like performance (you have to resolve every single entry which is time consuming and most dns servers have query limits) and failure (some domain names can be resolve differently depending on your dns server, location)
IMHO the current solution using the hosts file has 2 performance problems:
large hosts file have to be parsed, in worst case every single time a domain name needs to be resolved (I don't know the windows interna exactly)
possible solution is to setup a local dns resolver like pihole for windows, downside: afaik you have to configure windows network connection manually to use it
a connection fails due to timeout
possible solution is to setup a local (web) server listening on port 80/443 and directly reject connection (like AdAway in case you resolve blocked domains to 127.0.0.1 or ::1)
I tested a hosts file containing about 1 million lines resolving to 0.0.0.0 and had to reboot my computer into safe mode to restore my old version, so I'm still looking for a lightweight solution, too.
It seems to me that using this script drastically reduces the browsing performance. I guess it has to do with the fact, that the browser tries to create a connection to localhost and waits till the timeout.
So I'm wondering if it would be possible to create windows firewall rules (using
New-NetFirewallRule
from theNetSecurity
powershell module) instead of thehosts
file.I think this could result in a better performance, since the firewall would block the request with an HTTP 403(?) right away; instead of waiting for a timeout. It would also enable to add the rules to the AD domain and distribute it within a company network.
The text was updated successfully, but these errors were encountered: