Today I learned the following things while creating a web filtering proxy for my home network:
- DansGuardian is defunct. E2Guardian is a better option, and it can do MITM SSL filtering. It also wasn’t complicated to configure.
- Windows DNS server has a global block list with two entries: isatap and wpad. The DNS server will silently ignore all requests for those two host names while the block list is enabled. You can choose to remove items from the global block list, but since there are only two entries by default, it was easier for me to disable it.
- Stupidly, the myIpAddress() function in proxy.pac files on Windows returns the IP address of the adapter with the highest priority, not the connecting adapter. I’m not sure of the behaviour on better operating systems, but I hope they are not as stupid.
- Windows 10 no longer allows you to adjust protocol binding order. Using the GUI, it may look like it does change the order, but in reality nothing actually happens. The same thing happens with the utility nvspbind. You have to piss about in PowerShell now to adjust the interface metric. A lower metric means a higher priority.
The issue with interface metrics only affected me because I have VirtualBox installed, and the myIpAddress() function was returning the IP of that adapter instead of my Ethernet adapter. Both the VirtualBox Network adapter and my Ethernet adapter had a metric of 10, and the VirtualBox adapter had a higher index number as it was installed later… but Windows still chose to use that as the default adapter. Why, Microsoft, why?
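
The interface-metric check and fix described above, as an added example that is not part of the original post. It lists the connected IPv4 interfaces, warns about tied metrics like the 10/10 case, and pins one adapter below the rest. The alias `Ethernet` and the metric `5` are assumptions; substitute your own values and run it from an elevated session.

```powershell
# Added example, not from the original post.
# Assumptions: the physical adapter's alias is 'Ethernet', and 5 is an
# arbitrary value lower than the tied metric of 10 described above.
$PreferredAlias  = 'Ethernet'
$PreferredMetric = 5

# Connected IPv4 interfaces, lowest (highest-priority) metric first.
$ifaces = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' -and
                   $_.InterfaceAlias -notlike 'Loopback*' } |
    Sort-Object InterfaceMetric, ifIndex

$ifaces | Format-Table ifIndex, InterfaceAlias, InterfaceMetric, AutomaticMetric, Dhcp

# Ties are the ambiguous case: report every metric shared by several interfaces.
$ifaces | Group-Object InterfaceMetric | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ("Metric {0} is shared by: {1}" -f $_.Name,
                   ($_.Group.InterfaceAlias -join ', '))
}

# Refuse to continue if the preferred adapter is missing or not connected.
$target = $ifaces | Where-Object InterfaceAlias -eq $PreferredAlias
if (-not $target) {
    throw "No connected IPv4 interface named '$PreferredAlias'."
}

# Refuse a metric that would still tie with, or lose to, another interface.
$lowestOther = ($ifaces | Where-Object InterfaceAlias -ne $PreferredAlias |
    Measure-Object InterfaceMetric -Minimum).Minimum
if ($null -ne $lowestOther -and $PreferredMetric -ge $lowestOther) {
    throw "Metric $PreferredMetric is not lower than the next best ($lowestOther)."
}

# Pin the preferred adapter below everything else.
Set-NetIPInterface -InterfaceAlias $PreferredAlias -AddressFamily IPv4 `
    -InterfaceMetric $PreferredMetric

# Show the result so the change can be confirmed.
Get-NetIPInterface -InterfaceAlias $PreferredAlias -AddressFamily IPv4 |
    Format-Table ifIndex, InterfaceAlias, InterfaceMetric, AutomaticMetric
```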