Resolved Little Snitch Default Safari Rules Advice

Discussion in 'Mac Apps and Mac App Store' started by LaWally, Apr 21, 2012.

  1. LaWally, Apr 21, 2012
    Last edited: Apr 22, 2012

    LaWally macrumors 6502a

    Joined:
    Feb 24, 2012
    #1
    I am a new Little Snitch user.

    I just got finished perusing the default rules. I noticed that the default Safari rules are wide open, allowing all outgoing http/https connections.

    I'm thinking I should delete/disable the default Safari rules and let Little Snitch prompt me for all outgoing connections for web access. That way I can create rules to handle all outgoing connections. I figure this will be a bit unwieldy at first, but with time should be manageable.

    Is there any reason I would not want to do this? The fact that the default Safari rules are set up as they are surprises me. Maybe there is something I am not considering?

    Thanks.
     
  2. 0dev macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #2
    I'm confused. LS works on an application by application basis, what "web access rules" are you referring to?
     
  3. charlieegan3 macrumors 68020

    charlieegan3

    Joined:
    Feb 16, 2012
    Location:
    U.K
    #3
    the defaults will let all the OS traffic through, deleting them will mean that you will have lots more prompts about what to do. its up to you. they are there for your convenience.
     
  4. LaWally, Apr 21, 2012
    Last edited: Apr 21, 2012

    LaWally thread starter macrumors 6502a

    Joined:
    Feb 24, 2012
    #4
    Sorry, I see why you are confused. I'm talking about the default rules for the application Safari, which allow all http/https connections.

    ----------

    Understood, but would not allowing all connections for "convenience" defeat the purpose of Little Snitch, especially for something as connection intensive as Safari?
     
  5. 0dev macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #5
    Realistically you need to allow your browser access to all HTTP and HTTPS traffic. You can ban certain domains and all other ports if you like.

    The system apps can be trusted to make any connections they need to, generally speaking.

    If, like me, you're a bit more paranoid, you can enable the network monitor so you can see all the traffic from each app.
     
  6. LaWally thread starter macrumors 6502a

    Joined:
    Feb 24, 2012
    #6
    Okay, thanks.
     

Share This Page