Closed kapilsingh421 closed 10 months ago
You already could define a custom IP as block type.
Therefore this can be achieved by hosting your custom page as a separate service and setting it's IP as block type.
Also note that this won't work with HTTPS (unless you have a root cert on each device), so in most cases, if the user visited the site in the past they'll just see a "bad cert" error.
What if we add a block type cname
which forwards the request to another domain?
Wouldn't that fix the SSL issue? π€
CNAME won't do a HTTP redirect, so the hostname used for TLS is still the original one :slightly_frowning_face:
No, it won't work with cname record. Browser will still use https
Was thinking about something like: if the CNAME url has a valid certificate for itself and provides the same content on http and https it should work ... π€
But was just a quick idea... π
The browser will still do TLS cert verification with the blocked domain, not the one from CNAME. So it's just impossible to fix without a cert for the blocked domain.
Maybe we should drop this feature since over 90 percent of sites use https?
I think someone recently had questions about using this but didn't find it.
And IMO it's really just a small amount of code so I don't mind keeping it if it's useful to someone. Maybe the docs should warn about the limitation and say it's pretty much useless if you don't run your own certificate authority.
EDIT: Just to be clear I also don't mind removing it!
Was looking into DNS based url redirects and came across the HTTPRED
record type.
Would this maybe as option solve the SSL problem? π€
Didn't know about that, but looks like a non standard hack supported by only a couple DNS providers. So it's actually not a solution for us because it still uses a normal A record + web server, so needs a cert for the A record/blocked domain. For those DNS providers that's easy to get since they are the NS for the real domain, but that's not our case.
See https://support.constellix.com/support/solutions/articles/47000860091-http-redirection-record:
When you create an HTTP redirection record, youβre actually making an A record that points to that web server
Thanks you
@ThinkChaos Ah sorry didn't read it through. π
I would like to raise an issue regarding domain blocking. Instead of displaying the default page when a domain is blocked, I want a custom page to be shown