Network extension - Blocking an https request on Safari and Chrome

App & System Services Networking
dseijffers OP
Created Feb ’23
Replies 2
Boosts 0
Views 624
Participants 3

Hi, I am trying to write an app for macOS which will allow or drop a potential upload request, e.g. PUT or PATCH http request. For example, I would like to block uploading of a file to Google drive. I was looking into the 'SimpleFireWall' app sample provided within (https://developer.apple.com/videos/play/wwdc2019/714) but AFAIU this cannot be done due to limitations of NEFilterDataProvider and its flow (NEFilterFlow) objects, i.e. one limitation is that this would only be supported on Safari (WebKit based browsers) and secondly there is no option to peek and analyze which http request is represented by the flow in case of a TLS connection (HTTPS) as data is obviously encrypted.

What would be the recommended way of achieving this?

Thanks, Doron.

Replies  2
Boosts  0
Views  624
Participants  3
tekgru OP
Apr ’23

Hi Doron, was you able to find the solution for your problem? I'm also looking into a solution for this.

0
Systems Engineer OP
Apple
Apr ’23

What would be the recommended way of achieving this?

Right, using NEFilterDataProvider is flow or packet based and so you would not be able to decrypt the data on the fly to see the data at the HTTP level. The intention here is to make filtering decisions based on a remote or local address with an API like NEFilterSocketFlow.

0
Network extension - Blocking an https request on Safari and Chrome
First post date Last post date
 
 
Q