Articles in this section

See more

Allow/Blocking Domains (Best Practices)

Avatar
Christopher Stewart
  • Updated
Follow

Overview

 

A common issue with blocking/allowing access to a site (www.example.newsite.com) is that additional domains need to be accounted for.

Allowing

 

Let's say that you want to allow www.sfgate.com, and so you add sfgate.com to your allow list. However, after visiting the site you find that only the text is showing. When this happens, there are domains needed by the domain that are still being blocked.

If we do a HAR capture in the browser, we can see some of the domains being called out after www.sfgate.com has successfully resolved. In this capture we would see the following DNS records: 

fls.doubleclick.net
s.meebocdn.net
ww1.hdnux.com
ww2.hdnux.com
ww3.hdnux.com
ww4.hdnux.com
www.sfgate.com
www.zvents.com
ssl.gstatic.com

Why is this necessary?

 

For efficiency, almost all websites load content from other sources. This can include but is not limited to image resources, scripts, ads, social media plugins, etc. As such, your settings might be blocking some of these resources, thus preventing them from rendering in your web browser.

As such, in order to view this content, your settings need to be updated to allow for the domains. Note: If you're using Allow Only Mode, you will almost always have to take these steps.

Ways to identify the domains.

 

One easy way to find the domains required is to use Google Chrome's DNS prefetch tool which logs your queries.

More detailed information about the feature is available here -> http://www.chromium.org/developers/design-documents/dns-prefetching

Once the feature is turned on in your browser, you can visit the site you want to collect information about.

After the site has completely rendered (all elements are downloaded), you can enter the following into the URL bar in the browser:

chrome://predictors

Now use CTRL-F to find the domain you are looking for.  I've used www.bostonglobe.com as an example.

bostonglobe.jpg

These entries would be required in order to Allow this site to render completely:

bostonglobe.com
c.o0bg.com
cdn.insights.gravity.com
metrics.boston.com
ping.chartbeat.net
rma-api.gravity.com
rmedia.boston.com
static.chartbeat.com
apis.google.com
ssl.gstatic.com

Other methods of identifying these domains include packet captures (collected by tools such as Wireshark), collecting HAR files, or using websites such as webpagetest.org.

Related articles

Comments

0 comments

Article is closed for comments.