How have you configured Little Snitch?

Discussion in 'Mac Apps and Mac App Store' started by steve23094, Nov 26, 2016.

  1. steve23094, Nov 26, 2016
    Last edited: Nov 26, 2016

    steve23094 macrumors 68020


    Apr 23, 2013
    I picked up Little Snitch the other day. I think (I hope?) I have pretty much got the hang of it and seem to be getting on well with most settings.

    What's causing me grief is Safari. I can't decide whether to just open up everything in Safari, but that defeats the purpose of Little Snitch a bit.

    Or I can configure every site manually, but that's incredibly laborious. I have discovered by starting from a blank slate and then approving each site as I go is a crazy amount of work. Each site opens multiple connections and by defaulting to blocking all of them you often discover a feature on the site doesn't work properly. It then takes a while to figure out which connection you blocked that caused the problem.

    How do you have Little Snitch configured for Safari?
  2. Pakaku macrumors 68000


    Aug 29, 2009
    I just approve as they pop up, which is only a little work up front, and shove those rules into All Applications once in a while. Except Safari, because apparently All Applications doesn't apply to anything that connects through Websockets, but I don't use Safari very often.
  3. steve23094 thread starter macrumors 68020


    Apr 23, 2013
    Sorry, I don't understand your comment. What do you mean 'shove those rules into All Applications'? You mention 'except Safari' but that's what I am having difficulty with, I'm pretty much on top of my apps.

    I find sites open perhaps ten different links each and most of them seem like they could be undesirable. Block them all and the website stops operating properly, spend 20 minutes trying to figure out what rule block broke which part of the website. Multiply that by every website I visit (it's a lot) and I'll be an old man by the time I have got LS setup correctly. I find it hard to believe that LS makes browser configuration such a difficult chore, so I assume I'm doing something wrong.
  4. KALLT macrumors 601

    Sep 23, 2008
    I allow all HTTP/HTTPS connections in Safari and use a content blocker for the trackers.
  5. CarlJ macrumors 68020


    Feb 23, 2004
    San Diego, CA, USA
    This ^^^. Allow Safari to access any address on ports 80 (http) and 443 (https). It's a web browser, that's what it's designed to access. Run a separate content blocker if you wish to block trackers. I take a very dim view of web pages that want to open up connections to other ports (besides 80/443), and normally deny those.

    Little Snitch is good, but it takes a lot of dealing with its pop-up dialogs initially, to get it reasonably configured. Get used to going into the "Rules..." page periodically to clean things up (look at the "Unapproved Rules" section to see if there are rules you want to make permanent, and the "Duplicate Rules" section for things you can delete).

    Also, I frequently find myself switching rules in the pop-up dialog from, say, "hostname" to "domain" to avoid all the subsequent requests for ", "", etc. - if I trust the app to talk to one of them, I probably trust it to talk to all of them.
  6. steve23094 thread starter macrumors 68020


    Apr 23, 2013
    Right, that makes sense. My philosophy of trying to manage all browser connections manually was wrong. That's an easy enough change to make.

    So how do you go about reigning in your MacOS dial outs? Are you pretty relaxed about it and let all of them through? Or do you try and restrict as many as possible, leaving only the bare minimum that macOS needs?
  7. Nabby macrumors regular

    Jul 10, 2008
    I usually let it through if it makes sense to me and I understand the program. If I question where it is going, I will do an IP lookup to determine my thoughts on allowing or not allowing the connections. I tell my family to use the deny button by default. It only denies until the process quits by default, so it won't do any permanent blocking if they do that.

  8. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    There's probably a balance.. On one hand u wanna be pestered with every connection to know what is making that hidden call to server... On the other hand, u don't want it getting in the way too much either..

    Same things can be said about firewalls .... It's just the act of not knowing which kind of scares u.. so therefore u should be alerted..

Share This Page