Problem with Pi-Hole and Prevent Internet sites from request

Discussions about the Application Boundaries Enforcer (ABE) module
yes_noscript

Problem with Pi-Hole and Prevent Internet sites from request

Post by yes_noscript »

I use a RaspberryPi with Pi-Hole as ad- and trackingblocker for all devices in my network.
But with enabled ABE the default SYSTEM rule block for example the https://decentraleyes.org/test/ test.

How can i modify it so requests from the Pi-Hole (only avaiable over LAN) are allowed?

Edit: I mean that rule:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

So Pi-Hole is just loading downloadable HOSTS files into dnsmasq, correct?

If so, the solution is actually to modify the HOSTS files. Point blocked domains to 0.0.0.0 instead of 127.0.0.1. Or change the download URLs of the HOSTS files to the 0.0.0.0 versions, where available.
*Always* check the changelogs BEFORE updating that important software!
-
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

I dont know how Pi-Hole works :mrgreen: I'm not a linux guy.
Did you know how i do that?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

Wait, hang on, it also redirects some blocked requests to a local server. Try putting this at the very top of SYSTEM -

Code: Select all

Site ^https?://192\.168\.1\.101[:/]
Accept
*Always* check the changelogs BEFORE updating that important software!
-
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

Thank you very much!
That works perfect!

Does that disable the "Prevent Internet sites from requesting LAN resources." rule?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

yes_noscript wrote:Thank you very much!
That works perfect!
You're welcome! Image
yes_noscript wrote:Does that disable the "Prevent Internet sites from requesting LAN resources." rule?
Only for requests to that one local server. Everything else on your local network, including your own computer, is still protected just as before.
*Always* check the changelogs BEFORE updating that important software!
-
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

Thanks!
Yeah, yesterday i see that the protection still works.

:)
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

Argh, today i found that:

Code: Select all

[ABE] < LOCAL> Deny on {GET https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js <<< https://forum.xda-developers.com/oneplus-2/development/6-0-x-cyanogenmod-13-oneplus-2-t3292436/page1413 - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
Is that because of Decentraleyes? But i wonder why i doesnt get that before Pi-Hole
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

Please post the DNS lookup of ajax.googleapis.com
*Always* check the changelogs BEFORE updating that important software!
-
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

nslookup ajax.googleapis.com
Server: UnKnown
Address: fd00::8312:a96:59ec:10d6:ca6a

*** ajax.googleapis.com wurde von UnKnown nicht gefunden: No response from server.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

Image That's a rather odd response for a dnsmasq-based blacklist. Maybe I'm still missing something about how Pi-Hole works, but my own dnsmasq-based blacklisting attempts always resulted in either 0.0.0.0 or NXDOMAIN being returned.
yes_noscript wrote:But i wonder why i doesnt get that before Pi-Hole
So if you disable Pi-Hole, any change in the ABE warning and/or DNS lookup of ajax.googleapis.com?
*Always* check the changelogs BEFORE updating that important software!
-
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

I mean i got no such ABE errors before Pi-Hole.

When i disable Pi-Hole and clear the DNS-Cache i get the same DNS result

Did you have the same problem with for example XDA-forums and the Thanks-button?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

yes_noscript wrote:When i disable Pi-Hole and clear the DNS-Cache i get the same DNS result
Then the ABE warning cannot related to Pi-Hole, can it? So please try re-enabling Pi-Hole and disabling Decentraleyes. Do you still get the ABE warning?

Probably the DNS failure is at your upstream DNS servers then.
yes_noscript wrote:Did you have the same problem with for example XDA-forums and the Thanks-button?
I'm not a member of that site, so I'm not sure what you're referring to. Image
*Always* check the changelogs BEFORE updating that important software!
-
yes_noscript

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by yes_noscript »

Yes, i still get the ABE errors with disabled Decentralyes and a browser restart.
I use Decentraleyes a long time but the error is new.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.2) Goanna/20170322 PaleMoon/27.2.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Problem with Pi-Hole and Prevent Internet sites from req

Post by barbaz »

Hmm. When you get that error, what does about:networking give for the DNS lookup of ajax.googleapis.com?
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply