Jump to content

could be create a global rule to block tcp 80 (htpp) and dns service?


Recommended Posts

hi

could be create a global rule to block tcp 80 (http ) and pust to use htttps for every programs?

i would like to create 1 rule for every applications

and is eset firewall powerfull enough to block DNS cache server ?

thanks

Link to comment
Share on other sites

  • Administrators

It's possible to block http communication on port 80 as well as DNS communication. While neither makes sense to me (there are legit apps that communicate via http and DNS communication is vital), you can create two block rules and put them on top of the built-in rules.

Link to comment
Share on other sites

7 hours ago, Marcos said:

It's possible to block http communication on port 80 as well as DNS communication. While neither makes sense to me (there are legit apps that communicate via http and DNS communication is vital), you can create two block rules and put them on top of the built-in rules.

the point is push every application to use https and block some unknow malware apllication that can use windows dns service

might you please upload a screenthot how create a global rule to block tpc 80 and dns service?

thanks

Link to comment
Share on other sites

23 minutes ago, mantra said:

the point is push every application to use https

As far as I am aware of, Eset doesn't support HTTPS Everywhere or its equivalent via FireFox or Chrome options. So you will probably end up with a lot of blocked browser connections for anything using HTTP.

26 minutes ago, mantra said:

apllication that can use windows dns service

You just can't block outbound port 53 DNS traffic absolutely by creating a firewall rule to do so. Ekrn.exe monitors that port along with a whole bunch of other ports. If you create a rule to block DNS and I can't fathom why you would want to attempt this, the created rule must be placed after the existing Eset default rule for ekrn.exe.

Link to comment
Share on other sites

  • Administrators

HTTPS-Everywhere is a browser extension. Banking and payment protection works with it alright like with the Firefox HTTPS-only mode. HTTPS communication should be scanned as well as long as SSL scanning is enabled and the browser is recognized.

Link to comment
Share on other sites

2 hours ago, Marcos said:

HTTPS-Everywhere is a browser extension. Banking and payment protection works with it alright like with the Firefox HTTPS-only mode.

Firefox HTTPS only option and HTTPS Everywhere work differently.

Firefox HTTPS only mode will try to redirect to HTTPS version of the web site. If one doesn't exist, it will warn you of this and ask how you want to proceed:

FireFox_HTTP_Only.thumb.png.eab9975b6ddff8ab2b27fe0b65c33958.png

HTTPS Everywhere on the other hand will modify insecure content on HTTPS sites:

Quote

HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS. Information about how to access the project's Git repository and get involved in development is here.

https://www.eff.org/https-everywhere

It was my understanding that Eset would "choke" when the web page HTTP-to-HTTPS activities occurred.

 

Edited by itman
Link to comment
Share on other sites

hi

there are many applications that use http , not only browsers!

there are many applications free and paid that use dns cache to send data to China or other nations

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...