Performance problem

[MovGP0]

It seems to me that using this script drastically reduces the browsing performance. I guess it has to do with the fact, that the browser tries to create a connection to localhost and waits till the timeout.

So I'm wondering if it would be possible to create windows firewall rules (using New-NetFirewallRule from the NetSecurity powershell module) instead of the hosts file.

I think this could result in a better performance, since the firewall would block the request with an HTTP 403(?) right away; instead of waiting for a timeout. It would also enable to add the rules to the AD domain and distribute it within a company network.

[ManOki]

New-NetFirewallRule from the NetSecurity powershell module will not work because the parameter -RemoteAddress has to be an IPv4 or IPv6 address, subnet, range or keyword like DHCP, WINS ...

In other words the firewall cannot block on domain name level but on ip address level. This would lead to more problems like performance (you have to resolve every single entry which is time consuming and most dns servers have query limits) and failure (some domain names can be resolve differently depending on your dns server, location)

IMHO the current solution using the hosts file has 2 performance problems:

• large hosts file have to be parsed, in worst case every single time a domain name needs to be resolved (I don't know the windows interna exactly)
  • possible solution is to setup a local dns resolver like pihole for windows, downside: afaik you have to configure windows network connection manually to use it
• a connection fails due to timeout
  • possible solution is to setup a local (web) server listening on port 80/443 and directly reject connection (like AdAway in case you resolve blocked domains to 127.0.0.1 or ::1)

I tested a hosts file containing about 1 million lines resolving to 0.0.0.0 and had to reboot my computer into safe mode to restore my old version, so I'm still looking for a lightweight solution, too.