Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox Privacy Issue / Exposing internal hostname to search engines like Google

more options

Hi,

when opening an internal website like host.domain.private, FF opens a Goggle Search with that hostname, thus exposing internal information to Google and writes at the top of the window a text like "Did you want to open http://host.domain.private? Yes,... / No".

Does anybody know how to stop FF from doing that?

Thank you very much!

Cheers

Hi, when opening an internal website like host.domain.private, FF opens a Goggle Search with that hostname, thus exposing internal information to Google and writes at the top of the window a text like "Did you want to open http://host.domain.private? Yes,... / No". Does anybody know how to stop FF from doing that? Thank you very much! Cheers

All Replies (6)

more options

hello,

follow the steps:

Open your Firefox browser

  • Click the 3 horizontal line top right on the browser screen then select Options
  • Select Privacy & Security
  • Under Permissions, uncheck Block pop-up windows to disable the pop-up blocker

tell me its work.

thank you !

more options

Hi,

thank you for your answer, but I did not mean a popup window, sent by a website. Please take a look at the attached screenshot to clarify what I mean (the text is in German, but it translates to that I wrote in my original post. Why should disabling the popup blocker solve this issue?

Thank you!

more options

Hi firefox-tm, I believe this changed recently. It used to be that Firefox sent nearly anything like a.b or a.b.c to DNS, but now it checks the official IANA top level domains (TLD) list, and only sends those to DNS. Any host names using unofficial top level domains are going to search now. You can see the difference in the top bar of the autocomplete drop-down (Visit vs. Search).

Of course, if you preface your address bar input with a protocol like http:// or https:// then Firefox doesn't need to guess whether it is an address but that's not very convenient.

If you did click the Yes button, Firefox would create a preference like

browser.fixup.domainwhitelist.domain.private

to bypass search. Or you could add them by hand if you don't want them sent to a search engine even the first time.

Do you have a lot of these host names? It may be impractical with a huge number.

I saw a discussion on Reddit about possibly having a whitelist for an entire internal or unofficial TLD, but I think that is an idea for the future and not yet built in.

more options

Hi, thank you for your answer. You are right, this behavior must have changed recently.

From my pov Firefox puts convenience over privacy in this case. I mean, for most of the users, this won't be an issue, as they do not operate their own DNS services and thus they'd send this information to their DNS provider in any case. But if you operate your own private domain or as a company using internal domains, this might be an issue.

The current way to add new hosts to the whitelist is not very convinient. The only way I found, which might be a bit better for a larger internal domain, is to export my zonefile and create lines like:

user_pref("browser.fixup.domainwhitelist.host1.domain.private", true); user_pref("browser.fixup.domainwhitelist.host2.domain.private", true);

and add this manually to my prefs.js file in my profile. But this is also very annoying and I would expect a better solution by Firefox. If I'd want to send my data to Google, I'd use Chrome ;-)

Can you link the Reddit discussion here? This solution would be way better as the current situation.

more options

As a side note, you can optionally create a file named user.js instead of directly modifying prefs.js. At startup, Firefox merges your user.js into prefs.js.

http://kb.mozillazine.org/User.js_file

I'm having trouble finding the Reddit thread, I think it was about unofficial domains on alternate DNS roots.

more options

Thank you for the hint. Works like charm!

If one needs a 1-liner shell script to convert a Windows Zone List to user.js lines (should work fine on any OS with Bash or Shell and awk installed):

cat zone.txt | egrep "Host|Alias" | grep -v "same as parent folder" | awk '{domain="<enter your domain here>"; print "user_pref(\"browser.fixup.domainwhitelist."$1"."domain"\", true);"}'