Performance problem #2

Open
MovGP0 opened this issue Jun 9, 2022 · 1 comment

MovGP0 commented Jun 9, 2022

It seems to me that using this script drastically reduces the browsing performance. I guess it has to do with the fact that the browser tries to create a connection to localhost and waits till the timeout.

So I'm wondering if it would be possible to create Windows Firewall rules (using New-NetFirewallRule from the NetSecurity PowerShell module) instead of the hosts file.

I think this could result in better performance, since the firewall would block the request with an HTTP 403(?) right away instead of waiting for a timeout. It would also make it possible to add the rules to the AD domain and distribute them within a company network.

MovGP0 changed the title from "Performance promlem" to "Performance problem" on Jun 9, 2022

ManOki commented Dec 3, 2022

New-NetFirewallRule from the NetSecurity PowerShell module will not work because the parameter -RemoteAddress has to be an IPv4 or IPv6 address, subnet, range or keyword like DHCP, WINS ...

In other words, the firewall cannot block on domain name level but only on IP address level. This would lead to more problems like performance (you have to resolve every single entry, which is time consuming, and most DNS servers have query limits) and failure (some domain names can be resolved differently depending on your DNS server, location).

IMHO the current solution using the hosts file has 2 performance problems:

  • large hosts files have to be parsed, in the worst case every single time a domain name needs to be resolved (I don't know the Windows internals exactly)
    • a possible solution is to set up a local DNS resolver like Pi-hole for Windows; downside: afaik you have to configure the Windows network connection manually to use it
  • a connection fails due to timeout
    • a possible solution is to set up a local (web) server listening on port 80/443 that directly rejects connections (like AdAway in case you resolve blocked domains to 127.0.0.1 or ::1)

I tested a hosts file containing about 1 million lines resolving to 0.0.0.0 and had to reboot my computer into safe mode to restore my old version, so I'm still looking for a lightweight solution, too.
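
One way to measure the two costs raised in this thread before choosing a fix, as an added example that is not part of either comment or of the project's script: it counts the hosts-file entries that point at a sink address and times how long a TCP connection to each sink address on ports 80 and 443 takes to fail. The function names, the 5-second timeout and the default hosts path are assumptions; it needs Windows PowerShell 5.1 or later.

```powershell
# Added example: measures the two costs discussed in this thread.
# Assumptions: default Windows hosts path, hypothetical function names, 5 s timeout.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$SinkAddresses = '0.0.0.0', '127.0.0.1', '::1'   # sink addresses named in the thread

function Get-HostsSinkSummary {
    param([string]$Path = $HostsPath)
    $perSink = @{}
    $names = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $duplicates = 0
    foreach ($line in [System.IO.File]::ReadLines($Path)) {   # streams, so large files are fine
        $entry = ($line -split '#', 2)[0].Trim()              # drop comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2 -or $fields[0] -notin $SinkAddresses) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $perSink[$fields[0]] = 1 + $perSink[$fields[0]]
            if (-not $names.Add($name)) { $duplicates++ }     # same name listed twice
        }
    }
    [pscustomobject]@{ PerSink = $perSink; UniqueNames = $names.Count; Duplicates = $duplicates }
}

function Measure-SinkConnect {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 5000)
    $ip = [System.Net.IPAddress]::Parse($Address)
    $client = [System.Net.Sockets.TcpClient]::new($ip.AddressFamily)
    $watch = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $task = $client.ConnectAsync($ip, $Port)
        $outcome = if ($task.Wait($TimeoutMs)) { 'Connected' } else { 'TimedOut' }
    } catch {
        $outcome = 'Failed'                                   # refused or address not reachable
    } finally {
        $watch.Stop()
        $client.Close()
    }
    [pscustomobject]@{ Address = $Address; Port = $Port; Outcome = $outcome; Milliseconds = $watch.ElapsedMilliseconds }
}

Get-HostsSinkSummary
foreach ($address in $SinkAddresses) {
    foreach ($port in 80, 443) { Measure-SinkConnect -Address $address -Port $port }
}
```

Running it before and after a change (a different sink address, or a local listener on 80/443) gives comparable `Milliseconds` values for each case.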
