- Joined
- Oct 27, 2002
- Messages
- 23,749
- Trophies
- 4
- Age
- 45
- Location
- Engine room, learning
- XP
- 15,649
- Country
I'm using the Proxy to filter the network access on my switch.
It works fine with blocking nintendo's URLs request, but I noticed it never filters homebrew at all.
It did the same with the Wii and WiiU homebrew (blocked WiiU access but vWii homebrew still had access to network), so I'm wondering if devkitpro's libraries (libNX for switch), are just ignoring the proxy setting set in the console's network menu.
I'm using a proxy to blocks all URL except the nintendo's con.test. url set as whitelist.
doing a connection test :
- fail if the proxy is off. (good)
- pass only if the proxy is live, and I can see all logged blocked URL. (good)
try a homebrew : works (not good). it should fail as it's not in my whitelist of allowed URLs.
after the connection test is successful I can shutdown the proxy, and homebrew are still successfully accessing the network, bypassing completely that setting.
it looks like the official nintendo's programs are using the proxy setting, but not the homebrew.
I tried with many homebrew (PyNX, switchGuide updater, SD Setup, appstore, etc.)
Like I said, it worked the same way on WiiU vWii.
WiiU can't access the network without the proxy program launched, WiiU browser can't even access LAN if the proxy is not enabled. but vWii homebrew always ignored the proxy setting completely, and never required the connection test to access network.
it looks like no homebrew ever cared about that option.
At least, switch homebrew requires an active connection to be registered on Switch, which requires internet access. after the test is successful, you don't need it until you go into sleep mode.
It might look like a bug, but it's actually useful.
As long as the proxy does its job to block retail app access, that's fine. that's even a lot better than whitelisting all homebrew URLs one by one as it allows all homebrew without required user interaction, while blocking all other console's network access.
the only issue I might have is if a retail app also bypass that setting. well, I also use 90DNS just in case.
It works fine with blocking nintendo's URLs request, but I noticed it never filters homebrew at all.
It did the same with the Wii and WiiU homebrew (blocked WiiU access but vWii homebrew still had access to network), so I'm wondering if devkitpro's libraries (libNX for switch), are just ignoring the proxy setting set in the console's network menu.
I'm using a proxy to blocks all URL except the nintendo's con.test. url set as whitelist.
doing a connection test :
- fail if the proxy is off. (good)
- pass only if the proxy is live, and I can see all logged blocked URL. (good)
try a homebrew : works (not good). it should fail as it's not in my whitelist of allowed URLs.
after the connection test is successful I can shutdown the proxy, and homebrew are still successfully accessing the network, bypassing completely that setting.
it looks like the official nintendo's programs are using the proxy setting, but not the homebrew.
I tried with many homebrew (PyNX, switchGuide updater, SD Setup, appstore, etc.)
Like I said, it worked the same way on WiiU vWii.
WiiU can't access the network without the proxy program launched, WiiU browser can't even access LAN if the proxy is not enabled. but vWii homebrew always ignored the proxy setting completely, and never required the connection test to access network.
it looks like no homebrew ever cared about that option.
At least, switch homebrew requires an active connection to be registered on Switch, which requires internet access. after the test is successful, you don't need it until you go into sleep mode.
It might look like a bug, but it's actually useful.
As long as the proxy does its job to block retail app access, that's fine. that's even a lot better than whitelisting all homebrew URLs one by one as it allows all homebrew without required user interaction, while blocking all other console's network access.
the only issue I might have is if a retail app also bypass that setting. well, I also use 90DNS just in case.
Last edited by Cyan,