Problem with Pi-Hole and Prevent Internet sites from request


Post by yes_noscript » Wed Mar 29, 2017 5:11 pm

I use a Raspberry Pi with Pi-Hole as an ad and tracking blocker for all devices in my network.
But with ABE enabled, the default SYSTEM rule blocks, for example, the https://decentraleyes.org/test/ test.

How can I modify it so requests from the Pi-Hole (only available over LAN) are allowed?

Edit: I mean that rule:

Code:

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny

Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1

barbaz
Senior Member
Posts: 8871
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz » Wed Mar 29, 2017 6:36 pm

So Pi-Hole is just loading downloadable HOSTS files into dnsmasq, correct?

If so, the solution is actually to modify the HOSTS files. Point blocked domains to 0.0.0.0 instead of 127.0.0.1. Or change the download URLs of the HOSTS files to the 0.0.0.0 versions, where available.
*Always* check the changelogs BEFORE updating that important software!

Post by yes_noscript » Wed Mar 29, 2017 6:59 pm

I don't know how Pi-Hole works :mrgreen: I'm not a Linux guy.
Do you know how I do that?

Post by barbaz » Wed Mar 29, 2017 8:34 pm

Wait, hang on, it also redirects some blocked requests to a local server. Try putting this at the very top of SYSTEM -

Code:

Site ^https?://192\.168\.1\.101[:/]
Accept

Post by yes_noscript » Wed Mar 29, 2017 9:14 pm

Thank you very much!
That works perfect!

Does that disable the "Prevent Internet sites from requesting LAN resources." rule?

Post by barbaz » Wed Mar 29, 2017 11:44 pm

yes_noscript wrote:
Thank you very much!
That works perfect!

You're welcome!

yes_noscript wrote:
Does that disable the "Prevent Internet sites from requesting LAN resources." rule?

Only for requests to that one local server. Everything else on your local network, including your own computer, is still protected just as before.
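The rule order discussed in this exchange, as an added example that is not part of the original thread or of NoScript's code: a simplified first-match model of the SYSTEM ruleset with the `Site ^https?://192\.168\.1\.101[:/]` rule on top. The `isLocal` and `evaluate` helpers, the first-match assumption, the IPv4-only approximation of LOCAL and the sample requests are all constructed for illustration.

```javascript
// Simplified model of ABE rule matching (illustration only, not NoScript's code).
// Assumption: the first rule whose Site matches, and its first matching
// predicate, decide the request. LOCAL is approximated by IPv4 literals only;
// real ABE also looks at what a host name resolves to.
function isLocal(url) {
  const host = new URL(url).hostname;
  if (host === "localhost") return true;
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 127 || a === 10 || (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);
}

const anyOrigin = () => true;

const SYSTEM = [
  // Added at the very top, as in the thread: Site ^https?://192\.168\.1\.101[:/] / Accept
  { site: (u) => /^https?:\/\/192\.168\.1\.101[:\/]/.test(u),
    predicates: [{ action: "Accept", from: anyOrigin }] },
  // Default rule: Site LOCAL / Accept from LOCAL / Deny
  { site: isLocal,
    predicates: [{ action: "Accept", from: isLocal },
                 { action: "Deny", from: anyOrigin }] },
];

function evaluate(ruleset, dest, origin) {
  for (const rule of ruleset) {
    if (!rule.site(dest)) continue;
    const hit = rule.predicates.find((p) => p.from(origin));
    if (hit) return hit.action;
  }
  return "No rule"; // nothing in this ruleset applies to the request
}

// Constructed sample requests: [destination, origin]
const samples = [
  ["http://192.168.1.101/ads.js", "https://news.example/"],
  ["http://192.168.1.1/admin", "https://news.example/"],
  ["http://192.168.1.1/admin", "http://192.168.1.50/"],
  ["http://192.168.1.101.example.net/", "https://news.example/"],
];
for (const [dest, origin] of samples) {
  console.log(evaluate(SYSTEM, dest, origin).padEnd(8), dest, "<<<", origin);
}
```

The last sample shows why the pattern ends in `[:/]`: a host name that merely starts with the Pi-Hole address does not match the exception.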


Post by yes_noscript » Thu Mar 30, 2017 9:25 am

Thanks!
Yeah, yesterday I saw that the protection still works.

:)

Post by yes_noscript » Thu Mar 30, 2017 5:56 pm

Argh, today I found that:

Code:

[ABE] < LOCAL> Deny on {GET https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js <<< https://forum.xda-developers.com/oneplus-2/development/6-0-x-cyanogenmod-13-oneplus-2-t3292436/page1413 - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

Is that because of Decentraleyes? But I wonder why I didn't get that before Pi-Hole.

Post by barbaz » Thu Mar 30, 2017 7:25 pm

Please post the DNS lookup of ajax.googleapis.com

Post by yes_noscript » Sat Apr 01, 2017 8:29 am

nslookup ajax.googleapis.com
Server: UnKnown
Address: fd00::8312:a96:59ec:10d6:ca6a

*** ajax.googleapis.com wurde von UnKnown nicht gefunden: No response from server.

Post by barbaz » Sat Apr 01, 2017 9:28 pm

That's a rather odd response for a dnsmasq-based blacklist. Maybe I'm still missing something about how Pi-Hole works, but my own dnsmasq-based blacklisting attempts always resulted in either 0.0.0.0 or NXDOMAIN being returned.

yes_noscript wrote:
But I wonder why I didn't get that before Pi-Hole

So if you disable Pi-Hole, any change in the ABE warning and/or DNS lookup of ajax.googleapis.com?

Post by yes_noscript » Sun Apr 02, 2017 7:58 am

I mean I got no such ABE errors before Pi-Hole.

When I disable Pi-Hole and clear the DNS cache, I get the same DNS result.

Did you have the same problem with, for example, XDA-forums and the Thanks button?

Post by barbaz » Sun Apr 02, 2017 3:16 pm

yes_noscript wrote:
When I disable Pi-Hole and clear the DNS cache, I get the same DNS result

Then the ABE warning cannot be related to Pi-Hole, can it? So please try re-enabling Pi-Hole and disabling Decentraleyes. Do you still get the ABE warning?

Probably the DNS failure is at your upstream DNS servers then.

yes_noscript wrote:
Did you have the same problem with, for example, XDA-forums and the Thanks button?

I'm not a member of that site, so I'm not sure what you're referring to.

Post by yes_noscript » Sun Apr 02, 2017 4:51 pm

Yes, I still get the ABE errors with Decentraleyes disabled and a browser restart.
I have used Decentraleyes for a long time, but the error is new.

Post by barbaz » Sun Apr 02, 2017 5:18 pm

Hmm. When you get that error, what does about:networking give for the DNS lookup of ajax.googleapis.com?