1
"IDN Homograph Attacks Protection" breaking Norwegian domains
We use æøå in addition to a-z here, generally best practice for most sites is picking up both the real and "substituted" version and redirecting one to the other. However, NextDNS wants to block stuff like "lovløs.no/lovlos.no", which seems like a bit of an oversight at best. I've just turned the protection off, but considering it offers absolutely zero protection except kinda breaking for an entire country in these cases, it would be nice if it can be fixed.
4 replies
-
We only block if the IDN version points to a different target than the non IDN version. For some reason, this website is using different IPs which triggers the protection.
Content aside
-
1
Likes
- 2 yrs agoLast active
- 4Replies
- 91Views
-
3
Following