@coolcliff said in Blocling specific URls in a website, not the whole website:

Not the complete website play.google.com.

play.google.com is a FQDN, paly is the host name, google.com is the domain.

play.google.com is an URL that gets converted to an IPv4 and/or IPv6. This process is what DNS is all about. This IP is then used to by the web browser - the FQDN becomes irrelevant, and the "file path part and parameters" = store/apps/details?id=com.game168.gameofmafia is used to ask the needed info from the web server. This parts is of course hidden in a TLS session.
Which means that no one can see it.

PfBlockerNG works with the "DNS"part, and will never see the "store/apps/details?id=com.game168.gameofmafia".

To have access to the "store/apps/details?id=com.game168.gameofmafia" part, you need a http(s) proxy, like Squid.

@Raffi_ Good thought. It is an SG4860. All ports currently in use, but I can probably rejig things to try that. Just have to find the time.

@manjotsc

You Welcome 😉

It could be an error in the third party database being downloaded. Or, IPs "move" (https://azure.microsoft.com/en-us/blog/windows-azures-use-of-non-us-ipv4-address-space-in-us-regions/).

To allow an IP you need a firewall rule above it. What I often do is set up an Alias Native alias and then can use it in whatever NAT or firewall rule I want (which allows ordering). The files are downloaded and stored on disk by country code:
e21f386f-a1f0-41b8-832f-08634edf26db-image.png
Remember to run an Update in pfBlocker after creating the entry, to generate the alias.

As pfBlocker notes you can also default block all, and just allow the desired IPs or countries.

Resolution as follows:

System -> Advanced -> Firewall & Nat -> Firewall Maximum Table - bump up the figure (I'm set to 1,000,000).

System -> Advanced -> System Tunables. If there is an entry called "net.pf.request_maxcount", change the number to match above. If an entry doesn't exist, create one.

Nevermind…it's already fixed in the devel version.
Screen Shot 2020-09-10 at 05.00.24.png

sarrieee 😬

I'm curious on how you determined that pfBlockerNG is the root cause of the issue?

If I were troubleshooting, I would create a firewall rule:
Source = 192.168.25.14:*
Destination = *:53
Enable logging and move it to the top of the rules for that interface and see what it captures.

@JeGr ok thanks ya i made sure malewarebytes was upto date and microsoft antivirus scanner.. its just weird i ordered on amazon then i got 30 min later saying ym order was on hold and you need to check your credit card and of course email address isnt from amazon or if it is an amazon email the link you click on isnt amazon..
so its getting more trouble some these days.. but ok i figured id ask if it was possible.. keep doing what i doing n make sure its spam or not myself..

thank you for your help (:

I wanted to update on the resolution to this problem I had. I didn't want to post a problem and leave it the way this thread went. It turned out that pfblockerng-devel was my problem. Even though it was disabled both in the general tab and dnsbl, when I uninstalled the package, performance went to normal internet speeds. I tested and verified performance before anything was touched, and after I uninstalled it. I put the older version on and it did not affect my performance. I enabled what I wanted and was still good. I'm not sure why this was the issue, but all appears to be good now.

I ran into the same thing.
After look around it appears the IP might have changed.

There is a reddit thread about it I found here:
https://www.reddit.com/r/pfBlockerNG/comments/inat95/new_ip_address_for_safeduckduckgocom_old_ip/

September 5th is about when it broke for my setup, which lines up with the IP change

Hi,

i mean it is normal, then you click the "Anzeige" and behind this "Anzeige" is a https redirect to Ads Server System "ad.doubleclick.net" and pfblockerng broken this Link and you see this "Error Messages".

To open this Link behind the "Anzeige" you must have add this "ad.WHATEVER" to DNSBL Whitelist in pfblockerng. i think you must clean the browser cache and try it again. i use always the Update / Reload DNSBL function too.

but, what says your firewall / pfblocker logfiles in the same moment when you try it to open this link?

BR

@ex1580 @johnpoz Thank you both!

Excellent. Thank you so much for the quick response and reassurances.

@johnpoz John, I have to go. Thanks again for your help. I'll check back later in the day.