[Solved] Block domain, when a client visits it by IP

Can anyone please help me? I have been scratching my head for a while now.

So here is the deal:

Assume there is a domain: example.com
When you check it up with normal DNS, you get a result:
Now there is an APP on Android that will visit example.com with an HTTP request, using IP addresses,,, the APP will not perform any DNS request at all, the 3 IPs are somehow hardcoded into the APP. And these IPs change from time to time.

Is there a simple way that I can block this request? Obviously using any DNS related method does not work.

Make sure your DNS query result matches the one of the app.
Use DNS encryption or DNS over VPN/Tor if required.
Then set up a DNS-based firewall with IP sets.

Thanks for the answer, but unfortunately any DNS-based method simply does not work.

There is no way to match the DNS query result, like I said:
Public DNS resolve result would tell you, "example.com" is at
The APP, however, has a secret list of IPs they hardcoded into the APP, like,,, and they rotate the list from time to time, adding new IPs that are not publicly known.

The only thing in common is that the APP will initiate an HTTP request with the "example.com" domain name, but the APP does not do a DNS query at all. What I want is to block this HTTP request, preferably with a simple method.

Monitoring the APP constantly to find out which new IP they have come up with is just a pain in the ass.

It's problematic to block random IPs that you cannot identify with DNS.
In this case, the only way to perform content filtering is using a proxy server.


As vgaetera wrote, it will need a proxy, which can run on OpenWrt, to block all requests containing example.com. Squid proxy is the best choice here. Not so trivial, especially when the app does a "GET https://example.com".
I assume you carefully checked the requests, using Wireshark, for example. As I suspect, the app might do "GET" or "GET" which is much easier to implement.


@reinerotto @vgaetera
Thank you both!

@reinerotto You are right, it is a "GET http://example.com/blahblah" request.

Looks like a proxy like squid is my best bet here.

dansguardian or tinyproxy (simplest!) should work too, in case it is HTTP and NOT HTTPS.
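
The match a filtering proxy makes in the plain-HTTP case discussed above, as an added example that is not part of the original thread and not code from squid, dansguardian or tinyproxy: the verdict comes from the host named in the request line or `Host` header, so the destination IP never matters. Function names are hypothetical, and the sample requests and 192.0.2.x / 198.51.100.x addresses are constructed.

```python
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"example.com"}  # the domain from the thread


def _hostname(url):
    """Hostname part of a URL, or None if it cannot be parsed."""
    try:
        return urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None


def requested_host(raw_request: bytes):
    """Return the lower-cased host a plain HTTP/1.x request names, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3:
        return None
    target, host = parts[1], None
    # Absolute-form target ("GET http://example.com/blahblah"), as the app
    # in the thread sends: it takes precedence over the Host header.
    if target.lower().startswith(("http://", "https://")):
        host = _hostname(target)
    if host is None:
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "host":
                host = _hostname("//" + value.strip())  # drops any :port
                break
    return host.rstrip(".").lower() if host else None


def is_blocked(raw_request: bytes, blocked=BLOCKED_DOMAINS) -> bool:
    """True if the request names a blocked domain or one of its subdomains."""
    host = requested_host(raw_request)
    if host is None:
        return False  # unparsable requests are not matched by this list
    return any(host == d or host.endswith("." + d) for d in blocked)


# Constructed samples: (destination IP the client connected to, request head).
SAMPLES = [
    ("192.0.2.10", b"GET http://example.com/blahblah HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("198.51.100.7", b"GET /blahblah HTTP/1.1\r\nHost: Example.COM:80\r\n\r\n"),
    ("192.0.2.10", b"GET / HTTP/1.1\r\nHost: notexample.com\r\n\r\n"),
]

if __name__ == "__main__":
    for dst_ip, req in SAMPLES:
        print(dst_ip, requested_host(req), "BLOCK" if is_blocked(req) else "allow")
```
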
