The Shared Surrogate offers extra Security using a Blacklist of malicious IP Addresses and Domain names. While using the Browser Surrogate, even if you click on a phishing link that leads to a known phishing domain, the Surrogate will block the request and prevent you from Browsing to a known Phishing or malicious landing page.
Lets see how the Blacklist works with the Browser Surrogate.
Here you can see an example of the current Blacklist configured in this instance of the Browser Surrogate. There are only 3 entries in this Blacklist to demonstrate the concept. For this example, while using the Browser Surrogate, I will not be able to browse Russian domains (.ru), China domains (.cn), and specifically ‘cnn.com’.
Right now, without the Surrogate enabled, I can freely Browse to ‘cnn.com’ or any other .cn or .ru website.
First Ill demonstrate we can reach Blacklisted websites with the Browser Surrogate disabled. This is one great feature of this service, you can turn the Surrogate on and off very easily.
Here im using FoxyProxy Extension in my FireFox Browser to easily turn on the Browser Surrogate.
Lets verify the Blacklist entries are working by refreshing the ‘cnn.com’ webpage, after enabling the Browser Surrogate.
As expected the Surrogate is not allowing access to the Blacklisted Websites.
Lets also verify we are not allowed to go to any ‘.cn’ or ‘.ru’ domains. I can use Google to find ‘.cn’ and ‘.ru’ websites to test the Blacklist.
Below shows the Surrogate blocking access to ‘fal.cn/qoIO[.]cn’ website.
Below shows the Surrogate blocking access to ‘matrixcalc[.]ru’ website.
Now, lets make sure other websites are still accessible while the Browser Surrogate is enabled:
This page has demonstrated how the Browser Surrogate Blacklist feature works. The Browser Surrogate is pre-loaded with known bad or malicious domains and will block them automatically preventing you from browsing to them even if you clicked a phishing link in an email or message.
The Dedicated Surrogate service allows you to customize your Blacklist and block access to any domains you want. The Shared Surrogate service has a static Blacklist. You cannot customize it but it will be periodically updated to add additional malicious domains as they are discovered.