amate
commented
8 years ago 1. Since the match pattern is run every single character, if you write a command such as $URL in front of the match pattern, the filter wil be very slow.
The filter will be improved by as follows:
URL Pattern:
($URL(*secureboot.js)$SET(secureboot=1)|)Match Pattern:
$TST(secureboot=1)
(
//code_here
)|
$TYPE(htm)
(
//code_here
)2. It takes about 500 ms to the response when you enable the log, so it seems different alert appears.
3. I will implement a filter search window someday.
Noticed two issues with Proxydomo:
First, I use the $URL command inside the match window to define which pages the filter should work on, like this:
$URL(*secureboot.js) ( //code_here )|
$TYPE(htm) ( //code_here )
etc.
The more filters are present that use this the slower certain pages get, which have totally different addresses, so it seems Proxo is running the filters from different pages on them too. I monitored which pages are affected, it's mostly Microsoft and Google pages, I am not certain, but it seems it's caused by very long urls they are using for certain scripts their pages are loading, like this:
https://c.s-microsoft.com/en-us/CMSStyles/style.csx?k=3c9ade18-bc6a-b6bd-84c3-fc69aaaa7520_899796fc-1ab6-ed87-096b-4f10b915033c_e8d8727e-02f3-1a80-54c3-f87750a8c4de_6e5b2ac7-688a-4a18-9695-a31e8139fa0f_b3dad3e4-0853-1041-fa46-2e9d6598a584_fc29d27f-7342-9cf3-c2b5-a04f30605f03_28863b11-6a1b-a28c-4aab-c36e3deb3375_907fa087-b443-3de8-613e-b445338dad1f_a66bb9d1-7095-dfc6-5a12-849441da475c_1b0ca1a3-6da9-0dbf-9932-198c9f68caeb_ef11258b-15d1-8dab-81d5-8d18bc3234bc_11339d5d-cf04-22ad-4987-06a506090313_176b8afa-bab9-e793-c91f-d22b5a134b6e_8031d0e3-4981-8dbc-2504-bbd5121027b7_3f0c3b77-e132-00a5-3afc-9a2f141e9eae_aebeacd9-6349-54aa-9608-cb67eadc2d17_0cdb912f-7479-061d-e4f3-bea46f10a753_343d1ae8-c6c4-87d3-af9d-4720b6ea8f34_a905814f-2c84-2cd4-839e-5634cc0cc383_190a3885-bf35-9fab-6806-86ce81df76f6_ce476de2-91bf-768d-12f6-b1345b17f832_8beffb66-d700-2891-2c8d-02e40c7ac557_f2be0b5b-cb09-7419-2469-40333971901d_8e7f567d-245e-5dce-919d-1da2084a1db6_04cdd06f-491b-f252-4816-e05dbe3089b4_4d591b90-4f6b-d61a-3fe3-eeabaa54e007_d2a7617d-4fec-e271-3b3c-29c71d1edda1_c54c82ad-9a34-5e14-9f7e-f76e05daa48e_7662fbc3-5b00-dd7a-8c24-6b7bb7bb4b48_2bcd3d2d-6832-7053-3643-75fe6bb53d16_90b9cae5-0156-65e5-3652-a23ad05aa89b_0eea7408-d405-33d1-b3a3-e68154c11931_ba0d0603-e291-f64d-1224-c7179a0128a3_66db1513-3061-60df-c963-21f539556ce2_0f67a2ff-4303-729b-5e92-8c9fdf41f487_edaa7a2f-8af9-ec7d-b92f-7f1d2beb1752_8458a62c-bedc-f933-0122-e66265888317_2bb2f93a-070c-24f3-a072-d242d5ed2dc6_b330fd3d-1e8a-d40d-de4a-4d1c63486b10_60605f77-9b7b-d9fe-129c-c4937ddd200a_234e2194-00bc-d945-f90c-5cb0949c5e6c_c1777bd2-b94a-d4f5-9613-04f778b6d0cd_54a5d793-aac7-b19e-ed26-cc0395a49b4f_2d1729a6-67a8-5390-69d1-3988a55a41c8_31406ffb-4dfc-1e69-997b-05313bbb2db8_30db642a-887e-7424-636a-671576ac660e_3684062b-2b09-fd4e-0f3e-6a149539f0c8_23c3ae93-fc96-f39a-cb7e-0a9eee5d9678_d6bdf6a8-b29b-b551-3bca-52d5615a2c54_43047ac2-d851-7cba-7f5a-f4cccf880b75_76591620-984e-d3d1-c0c0-3cc95e69679e_e292f94c-d076-c785-75aa-b08b99af979d
If I remove the $URL from the match window and use the bounds field to define the address the issue stops, no more slowdown, but then I have to use separate filters for EACH script, that's annoying, I like to keep all scripts that belong to the same page together.
Another problem I noticed is very strange. I blocked the facebook.com domain in Proxo. Now when I open facebook.com in Internet Explorer 11 (Windows 10 LTSB), the browser displays the dnserror page it loads from ieframe.dll.mui if I remember correctly. But now check this out - if I open Proxydomo's log window and the log is running, then IE displays the TSL error page ("the page cannot be displayed, please install TSL 1.2 bla bla"). Even if I close the log window or stop the log in Proxo, IE will still display the TSL error. If I restart IE, it will display the DNS error once, then the TSL error again. As long as the Proxo log window is closed or the log is not running, the issue does not occur, but once it occurs, it won't stop until restarted. I monitored the log window - Proxo sends IE to the killed.html page. If the log is not running, IE reads the page and accepts it. But if the log is running, it starts hammering Proxo for facebook.com ssl handshake. Proxo sends it to killed.html, but IE doesn't like it and hammers on:
CONNECT facebook.com:443 HTTP/1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko Content-Length: 0 DNT: 1 Host: facebook.com Proxy-Connection: Keep-Alive Pragma: no-cache
167 : HeaderMatch [ADS (Out)]
167 : Match the list [Ads] line 102
and so several times in a row (if the log is not running, the connection is only attempted once).
Also, the error is different - if the log is not running, IE perceives the error as ERROR_INTERNET_CONNECTION_ABORTED , but if the log IS running, the error is ERROR_INTERNET_CANNOT_CONNECT , which is why IE displays a different error page.
I tried everything - disabled SSL 2 and 3, enabled all TSLs, nothing. No idea what's causing this.
Could you please also add a filter search window to Proxo, similar to the one Proxomitron had? The one where you can type the name of the filter and then the filter window would only display filters with appropriate names. I can never find any filters, cause I have so many of them and am too lazy to sort them alphabetically.