25.07.1: aspx login page no longer loads, did in 24.11
-
I would love to hear from any of our other readers what happens when they try to connect to this URL. Full page load with login/password stuff, or just an isolated "Wespath" logo? Diagnostic info, if it failed, would also be appreciated.
Netgate 1100 and Netgate 2100, latest pfsense+ version
-
@beerguzzle
Only the isolated "Wespath" text. I see these errors in the javascript console.
-
@beerguzzle here is what I see
This is blocked by my pihole
Found 2 adlists exactly matching 'cdn.split.io'. - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (block) - cdn.split.io - https://raw.githubusercontent.com/blocklistproject/Lists/master/basic.txt (block) - cdn.split.ioAnd then that benefitaccess.org is blocked by ublock origin
Yeah all I get is that wespath black gray logo or whatever... If I turn off ublock.. I get a bunch of crap to loopback on bunch of different ports
This isn't a pfsense issue that is for sure.
-
@beerguzzle said in 25.07.1: aspx login page no longer loads, did in 24.11:
just an isolated "Wespath" logo?
Chrome, Edge all the same — just logo. Do you have pfBlocker enabled?
-
@beerguzzle said in 25.07.1: aspx login page no longer loads, did in 24.11:
https://portal.wespath.org/loginpage.aspx
Looks fine to me :
They probably had some cleaning to do ?
-
@beerguzzle only logo on Firefox/macOS 142.0/aarch and piHole. Same as for johnpoz, cdn.split.io blocked. content.benefitsaccess.org blocked by upstream DNS (Control D, StevenBlack Unified list)
-
Thanks to all the boffins here who gave me some more clues as to what was going on. This was a pfblockerng setting/issue.
I run pfblockerng, with StevenBlack ADs in my DNSBL feeds. Via command line in /var/db/pfblockerng, doing a "find . -type file -print | xargs grep cdn.split.io" there it was in his list. So I went to pfBlockerNG/DNSBL, went down to DNSBL Whitelist and added cdn.split.io there. Then force reloaded, and checked that the site resolved on my firewall. Then cleared the DNS cache on my Mac, and voila the webpage loaded correctly.
I consider having to whitelist cdn.split.io an ugly fix to my problem. But it is a fix.
In Firefox, using the developer tools->Network, when loading this page I do not see the loopback traffic with odd port numbers that some of you saw. Some setting in the firefox dev tools?
Netgate 1100 and Netgate 2100, latest pfsense+ version
-
@beerguzzle could be your running some app the site is looking for that we are not.. that connection refused could just be generic label because our boxes not listening on it, etc.
Could be something different in our firefox settings? Could be a dns related where we resolved something to loopback and you are not. Lots of things that could cause that. Firefox does use loopback to talk to itself,
[firefox.exe] TCP 127.0.0.1:32193 127.0.0.1:32192 ESTABLISHED [firefox.exe] TCP 127.0.0.1:32194 127.0.0.1:32195 ESTABLISHED [firefox.exe] TCP 127.0.0.1:32195 127.0.0.1:32194 ESTABLISHED [firefox.exe] TCP 127.0.0.1:53567 0.0.0.0:0 LISTENINGBut since site is working for you now, and I have no desire or need to ever go there.. not something worth looking into myself. Its not a pfsense thing.. Could be something in pihole resolve something to that.
-
@beerguzzle said in 25.07.1: aspx login page no longer loads, did in 24.11:
I run pfblockerng, with StevenBlack ADs in my DNSBL feeds. Via command line in /var/db/pfblockerng, doing a "find . -type file -print | xargs grep cdn.split.io" there it was in his list. So I went to pfBlockerNG/DNSBL, went down to DNSBL Whitelist and added cdn.split.io there. Then force reloaded, and checked that the site resolved on my firewall. Then cleared the DNS cache on my Mac, and voila the webpage loaded correctly.
I consider having to whitelist cdn.split.io an ugly fix to my problem. But it is a fix.
I use the Stevens list to, and did't had to whitelist what so ever.
Yes, "cdn.cdn.split.io" is in Stevens list, I found it.But it'a also in the top Tranco TOP1M that I sue :
so that explains why I didn't had any issues. "cdn.cdn.split.io" is auto whitelisted for me as I don't want to have deal with :
The TOP1M feed can be used to whitelist the most popular Domain names to avoid false positives.
When I searched in line 8476 (a very long line, thousands of hosts (10791 !) are listed in there, I found "cdn.cdn.split.io". So it was filtered out, among 106 others - see image.
@beerguzzle said in 25.07.1: aspx login page no longer loads, did in 24.11:
I consider having to whitelist cdn.split.io an ugly fix to my problem. But it is a fix.
Not ugly.
When you chose a list, you take it as a whole. If any false positives exits in it, you have to white list them all.
The perfect list for you ... can only be created (and maintained) by .... you ;) -
@johnpoz I thought about that but here the two ports I noticed as the page loaded were 3389 and 5900 (counting up). Which seems not so random. I didn't let it run very long. I was just trying to see if something wasn't loading.
And FWIW the 27.07 router I have does have pfBlocker blocking ads, and the other doesn't, but I wasn't going to try it on the other one again.
Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
Upvote 👍 helpful posts! -
@SteveITS yeah those ports do stick out for sure.. And do seem odd for sure.. You wouldn't run your own app on those ports - those are for sure for rdp and vnc..
Wespath is some church run investment something.. I would never in a million years have any desire to do any business with them ever..
-
@SteveITS Since the Netgate 2100 is at the Methodist local church and I support the firewall, this was a real user issue. They access the site monthly to do retirement account contributions for the church employees. Fortunately the login mechanism (once you can see it) requires two-factor authentication. Glad for that.
