Documentation

Magic Folders

Some folders are special and can unlock advanced behaviors.

Suggest Edits

What are Magic Folders

There are special folders that you can create that allow you to enforce advanced behaviors.

Control D Bypass

If you're using Command Line Daemon, GUI Setup Utility or Apple DNS Profiles (.mobileconfig) on roaming devices that frequent public WiFi networks with captive portals, or need to split route your AD domains to a local domain controller, this folder is for you.

📘

Common Captive Portals

We're already excluding common captive portals for major airlines and those that were reported to us by users. There is a good chance you don't need to worry about this. However if you encounter a captive portal that indeed does not work, then read on!

Create a folder with this exact name in a Profile enforced by these roaming devices: Control D Bypass.

Any enabled BYPASS rule that you put into this folder will get excluded from using your Control D DNS resolver, much like the base rules we're already enforcing. This allows captive portals to load. Once Internet access is established, then Control D can do its thing. The same is true for your AD domains, as these would be handled the same way.

Rules can be exact hostnames (wifi.airline.com), or wildcards (*.airline.com).

🚧

Updates are not instant

If you encounter a captive portal that doesn't work with Control D (let us know!), and you add a bypass using this method, the changes are not instant and requires end-user action, which depends on how Control D was deployed.

GUI app or ctrld daemon

In order for newly added rules to be enforced, you need to restart the app or daemon. Simply go into the GUI app, and disconnect, and then re-connect. If you're using ctrld daemon, then execute the restart command.

Apple DNS Profile

These cannot be updated, as rules are baked in into the profile itself. You will have to re-download and re-install the DNS profile. Sorry about that.

Do Not Log

This magic folder allows you to exclude domains from being logged into Analytics. Create a folder with this exact name in a Profile enforced by relevant Endpoints: Do Not Log. Any custom rule you put into this folder will be acted upon, but will not be logged into Analytics.

This is handy if you see a "spammy" domain polluting your Analytics, or want to mask the activity for that one special domain that you access a lot.

Updated 28 days ago