
Nermal

Original poster
I just noticed an oddity with Safari. In /etc/hosts I have www.facebook.com redirected to 0.0.0.0 and ::1. If I ping www.facebook.com then it correctly reports "Socket is not connected".

However, in Safari, I can open www.facebook.com and it comes up with the login page. Weirdly, other redirected hosts seem to fail as expected. Any idea what's going on here? Are there separate DNS settings inside Safari somewhere?

I'm running OS 15.1.1 with Safari 18.1.1. As far as I know, this was working correctly under OS 14.

Edit: Firefox correctly gives an "unable to connect" message. The problem seems to be limited to Safari.
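
A way to audit the kind of hosts-file block described in the post above, as an added example that is not part of the original post: it parses hosts-format text, lists names sinkholed for only one IP family, and asks the system resolver whether a blocked name still resolves to something routable. The sample entries and function names are constructed for illustration, and the resolver check only covers software that uses the system resolver; an application doing its own name resolution is not covered by it.

```python
import ipaddress
import socket

# Constructed sample in /etc/hosts format (not the poster's actual file).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
::1        localhost
0.0.0.0    www.facebook.com   # IPv4 sinkhole
::1        www.facebook.com   # IPv6 sinkhole
0.0.0.0    ads.example.com    # IPv4 only (constructed name)
"""

def sinkhole_version(addr):
    """Return 4 or 6 if addr is unspecified (0.0.0.0, ::) or loopback, else None."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return ip.version if (ip.is_unspecified or ip.is_loopback) else None

def sinkholed_names(hosts_text):
    """Map each sinkholed hostname to the set of IP versions (4, 6) it covers."""
    blocked = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenize
        try:
            version = sinkhole_version(fields[0])
        except (ValueError, IndexError):  # non-IP first field, or blank/comment line
            continue
        if version is None:
            continue
        for name in fields[1:]:
            if name.lower() != "localhost":
                blocked.setdefault(name.lower(), set()).add(version)
    return blocked

def missing_families(blocked):
    """Names sinkholed for only one IP version, with the versions not covered."""
    return {n: sorted({4, 6} - v) for n, v in blocked.items() if v != {4, 6}}

def system_resolver_blocked(name):
    """Ask the system resolver (which reads /etc/hosts); True if nothing routable comes back."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return True  # no answer at all also means no connection
    return all(sinkhole_version(info[4][0]) for info in infos)

if __name__ == "__main__":
    with open("/etc/hosts") as fh:  # the real file on macOS/Linux
        for n in sorted(sinkholed_names(fh.read())):
            print(n, "blocked via system resolver:", system_resolver_blocked(n))
```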
 
Or use web content filters.
“filterBlacklist [string] The array of URLs that defines a deny list. When restrictWeb and useContentFilter are enabled, no URLs in the deny list are available to the user.”
ParentalControlsContentFilter https://developer.apple.com/documentation/devicemanagement/parentalcontrolscontentfilter
Parental Controls MDM payload settings for Apple devices https://support.apple.com/guide/deployment/dep1c778f77/web
iMazing Profile Editor https://apps.apple.com/app/imazing-profile-editor/id1487860882

Example for Yahoo https://forums.macrumors.com/threads/everything-has-failed-to-block-yahoo-com-search.2379256/
 
I haven't really had time to look into this, but I don't understand what's happening.

the reason for this - since macOS 11 (?)
It was working as expected in 14.

I don't understand what the RFC is talking about. I also don't understand how it's finding Facebook at all when a DNS lookup for its domain fails. Is there a plain English explanation available somewhere?

I don't like the idea of having to use additional software to work around something that "should" be doable via the underlying Unix infrastructure.
 
This seems to be working again in Safari 18.3. Blocked sites are once again not loading in Safari.
 
I think I tried, but got a bit flummoxed by it... then the issue fixed itself with an update. I'll re-investigate when I get time (something which seems sorely lacking at present!)
 
I just stumbled upon this article. It turns out that the "Use advanced tracking and fingerprinting protection" option is the cause of my woes. I fully agree with the opinions presented in that article.
 
A good stumble. :) Really interesting (to me). I wish that were two options. I would like to turn off "advanced tracking" and rely on AdGuard's DNS protection, but keep Safari blocking fingerprinting.

The DNS aspects of this are like having a bit of iCloud Relay (for free) which forces Safari and Mail DNS requests to go to Apple's servers unless you have DNS set by a profile.

It is all very confusing - see https://lapcatsoftware.com/articles/2025/9/4.html where Jeff Johnson admits to being confused and he is something of an expert with the hidden aspects of Safari.
 
So it seems that I must've set the feature to "all browsing" at some point and then forgotten I'd done it, if that's not the default in Safari 18/macOS 15.

The only reason I noticed that Safari was ignoring the hosts file in the first place is because I'd searched for something on my desktop and started getting ads for it on my phone. The culprit was Facebook, which was supposed to be blocked via hosts.
 