Custom block type per blacklist group

[bozicm]

I don't care much about adware and in that case zeroIP or nxDomain response is good enough. But for malware&co I do want to have a custom IP redirect where a warning message for the mentioned page is displayed.

Would it be possible to refactor the blockType to support different response options per blacklist group? For example, the config would be like:

blocking:
  blackLists:
    ads:
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
    malware:
      - verybadsite.xyz
blocking:
  blockType: nxDomain
  groupTypes:
     - ip: 123.123.123.123
       lists:
         - malware

[kwitsch]

Sounds reasonable even if you're idea would most likely end up in an SSL warning page since almost all requests are done with HTTPS and even if your warning page has a correct certificate it wouldn't match with the requested URL.

[bozicm]

Sounds reasonable even if you're idea would most likely end up in an SSL warning page since almost all requests are done with HTTPS and even if your warning page has a correct certificate it wouldn't match with the requested URL.

Yes, I'm aware that incorrect certificate might be an issue but IMO this is better than generic error. On the other hand, it really depends on the implementation of the URL redirection on the http://123.123.123.123 ?

[kwitsch]

Depends on your use case since most users get suspicious at SSL errors.
Seeing nothing is in most cases less alarming than seeing the "Not secure" warning in your browser as a user.

It might be possible to set up SSL man-in-the-middle to combat those but this is really painful and most likely isn't beneficial for your user experience.