this post was submitted on 29 Jan 2025
13 points (93.3% liked)

Programming

18039 readers
37 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
snowe
Ategon
[email protected]
13
Implementing a form of websites white listing today, is it actually possible? (feddit.it)
submitted 5 days ago by [email protected] to c/programming
10 comments fedilink hide all child comments
 

With all the CDNs and content been served from several locations for a single web page for example, would it be possible to implement a maintainable whitelist in something like a proxy? Does it makes sense? Or I would break half of the websites?

top 10 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 5 days ago

NoScript browser extension is one example. DNS filtering is another.

[–] MajorHavoc 6 points 5 days ago

If you're looking for website content to not run without permission, running with JavaScript disabled generally gets the job done. Each site I enable JavaScript for is effectively "white listed" to serve me app like features, beyond static content.

[–] onlinepersona 3 points 5 days ago (1 children)

What is your goal? I'm not sure I understand. Are you trying to rebuild something like Decentraleyes?

Anti Commercial-AI license

[–] [email protected] 1 points 5 days ago* (last edited 5 days ago) (1 children)

No it's more a user management thing, I would need users to access a certain list of whitelisted websites only..

Maybe proxy or dns? I've been looking in squid proxy but it looks fairly complicated, especially if I wanna be able to access it from wan.. But Idk if with DNS I could block ips as well. Setting up an hosts file seems like a lot of continuous work since I would have to specify entries for each ip address associated with domain.. Maybe firewall?

[–] moonpiedumplings 1 points 4 days ago* (last edited 4 days ago) (1 children)

Yeah you probably want a proxy based solution. Have a network that has no internet access except through a proxy that you control.

You would also have to lock dns down. The problem with dns based blocks is that things like dns over https allow people to use an alternative dns server. But, if you control the devices that you are managing, then you can also control what dns server they use.

[–] [email protected] 1 points 4 days ago

Do you think a Proxy would be better in this regard compared to a firewall? I was trying to watch the logs of ufw today and see if I could do something there but the incoming and outgoing connections are A LOT, and I would essentially like to whitelist both per domain and per IP.

How much maintainance would this require? I wonder how often IPs change today, but with all the NAT, dynamic DNS and CDNs there around maintaining a whitelist only with IP addresses looks like a nightmare..

Squid proxy with squidguard could be a better option than trying to work with a forewall maybe?

[–] Kissaki 1 points 5 days ago (1 children)

yes, it would be possible

[–] [email protected] 1 points 4 days ago (2 children)

Any suggestions on the how?

[–] moonpiedumplings 1 points 4 days ago

Noscript. Ublock origin strict/export mode, where you must manually accept connections. Dns filtering. A socks proxy. VPN. Etc, there exist many ways.

But which of these methods is best depends on what you are trying to do.

[–] Kissaki 1 points 4 days ago

Not enough context. Depending on what you proxy, you can allowlist DNS and IPs. You can use DNS to query domains for alternative delivery sources.