Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

LaWally

macrumors 6502a
Original poster
Feb 24, 2012
530
0
I am a new Little Snitch user.

I just got finished perusing the default rules. I noticed that the default Safari rules are wide open, allowing all outgoing http/https connections.

I'm thinking I should delete/disable the default Safari rules and let Little Snitch prompt me for all outgoing connections for web access. That way I can create rules to handle all outgoing connections. I figure this will be a bit unwieldy at first, but with time should be manageable.

Is there any reason I would not want to do this? The fact that the default Safari rules are set up as they are surprises me. Maybe there is something I am not considering?

Thanks.
 
Last edited:

0dev

macrumors 68040
Dec 22, 2009
3,947
24
127.0.0.1
I'm confused. LS works on an application by application basis, what "web access rules" are you referring to?
 

charlieegan3

macrumors 68020
Feb 16, 2012
2,394
17
U.K
the defaults will let all the OS traffic through, deleting them will mean that you will have lots more prompts about what to do. its up to you. they are there for your convenience.
 

LaWally

macrumors 6502a
Original poster
Feb 24, 2012
530
0
I'm confused. LS works on an application by application basis, what "web access rules" are you referring to?

Sorry, I see why you are confused. I'm talking about the default rules for the application Safari, which allow all http/https connections.

----------

the defaults will let all the OS traffic through, deleting them will mean that you will have lots more prompts about what to do. its up to you. they are there for your convenience.

Understood, but would not allowing all connections for "convenience" defeat the purpose of Little Snitch, especially for something as connection intensive as Safari?
 
Last edited:

0dev

macrumors 68040
Dec 22, 2009
3,947
24
127.0.0.1
Realistically you need to allow your browser access to all HTTP and HTTPS traffic. You can ban certain domains and all other ports if you like.

The system apps can be trusted to make any connections they need to, generally speaking.

If, like me, you're a bit more paranoid, you can enable the network monitor so you can see all the traffic from each app.
 

LaWally

macrumors 6502a
Original poster
Feb 24, 2012
530
0
Realistically you need to allow your browser access to all HTTP and HTTPS traffic. You can ban certain domains and all other ports if you like.

The system apps can be trusted to make any connections they need to, generally speaking.

If, like me, you're a bit more paranoid, you can enable the network monitor so you can see all the traffic from each app.

Okay, thanks.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.