Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Resolved Little Snitch Default Safari Rules Advice

L

LaWally

macrumors 6502a
Original poster
Feb 24, 2012
530
1
I am a new Little Snitch user.

I just got finished perusing the default rules. I noticed that the default Safari rules are wide open, allowing all outgoing http/https connections.

I'm thinking I should delete/disable the default Safari rules and let Little Snitch prompt me for all outgoing connections for web access. That way I can create rules to handle all outgoing connections. I figure this will be a bit unwieldy at first, but with time should be manageable.

Is there any reason I would not want to do this? The fact that the default Safari rules are set up as they are surprises me. Maybe there is something I am not considering?

Thanks.
 
Last edited:
I'm confused. LS works on an application by application basis, what "web access rules" are you referring to?
 
the defaults will let all the OS traffic through, deleting them will mean that you will have lots more prompts about what to do. its up to you. they are there for your convenience.
 
0dev said:
I'm confused. LS works on an application by application basis, what "web access rules" are you referring to?
Click to expand...

Sorry, I see why you are confused. I'm talking about the default rules for the application Safari, which allow all http/https connections.

----------
charlieegan3 said:
the defaults will let all the OS traffic through, deleting them will mean that you will have lots more prompts about what to do. its up to you. they are there for your convenience.
Click to expand...

Understood, but would not allowing all connections for "convenience" defeat the purpose of Little Snitch, especially for something as connection intensive as Safari?
 
Last edited:
Realistically you need to allow your browser access to all HTTP and HTTPS traffic. You can ban certain domains and all other ports if you like.

The system apps can be trusted to make any connections they need to, generally speaking.

If, like me, you're a bit more paranoid, you can enable the network monitor so you can see all the traffic from each app.
 
0dev said:
Realistically you need to allow your browser access to all HTTP and HTTPS traffic. You can ban certain domains and all other ports if you like.

The system apps can be trusted to make any connections they need to, generally speaking.

If, like me, you're a bit more paranoid, you can enable the network monitor so you can see all the traffic from each app.
Click to expand...

Okay, thanks.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back