Netgate Discussion Forum

    Cert error - tracker.h3x.eu

    pfBlockerNG
    justsomeguy6575

      Using this list in DNSBL https://tracker.h3x.eu/api/sites_1month.php I am getting cert errors on certain sites. For example, I can't access GitHub if using this list, as it gives the "Your connection is not secure" message. Disable the list and it works fine. Searching the list shows entries like "****://github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20141213/mimikatz_trunk.7z". Why would this be causing a cert error for all of GitHub though?

        justsomeguy6575

        Sounds like it might be related to the same issue as here https://forum.pfsense.org/index.php?topic=124945.0
        However, I am not using Safari, I'm using Firefox. It actually does the same thing in IE and Edge browsers.

          BBcan177 Moderator

          When you try to browse to an HTTPS site that is being blocked by DNSBL, the browser can throw a cert error, as the DNSBL Certificate doesn't match the Domain name being requested. DNSBL is not attempting to MITM these blocked domains as its sole purpose is to quickly have the browser drop the request for these blocked domains.

          Some of these feeds post URLs that contain malware; however, some of these sites are also considered false positives... If you never have any use to go to Dropbox or GitHub, then you can safely keep those domains listed in DNSBL. However, if these sites are required for your use, you will need to add them to the DNSBL Whitelist. Click on the "+" DNSBL Whitelist in the Alerts tab to have it automatically whitelist it for you...

          The next version of the package will have an option to add all or certain user selected domains to a custom DNSBL list that will utilize 0.0.0.0 instead of the DNSBL VIP. This will just drop those DNS requests without logging, and without the Certificate Failure notice.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            justsomeguy6575

            Makes sense. Thanks for the explanation and all the work you put into this.

            Am I correct in assuming it's not possible to block, say, github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20141213/ but not block github.com itself?

              BBcan177 Moderator

              @justsomeguy6575:

              Makes sense. Thanks for the explanation and all the work you put into this.

              Am I correct in assuming it's not possible to block, say, github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20141213/ but not block github.com itself?

              No, DNS Filtering (DNSBL) will block the full domain or sub-domain DNS resolution... You would have to use a Proxy to filter by a URL.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
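
Added example, not part of the thread and not pfBlockerNG code: a small audit that shows why one URL entry in a feed takes a whole site offline at the DNS layer, and which listed hosts collide with sites you need. The feed lines, the `badhost.example` names and the function names are constructed for illustration; the sub-domain matching rule is an assumption noted in the code.

```python
from urllib.parse import urlsplit

# Constructed sample feed (not the real list contents), one URL per line.
SAMPLE_FEED = """\
# constructed sample entries
https://github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20141213/mimikatz_trunk.7z
http://files.badhost.example/payload.exe
http://badhost.example/
https://www.dropbox.com/s/abc123/invoice.zip
"""

def split_entry(line):
    """Return (hostname, path) for a feed line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Entries without a scheme ("host/path") are parsed as network-path references.
    parts = urlsplit(line if "://" in line else "//" + line)
    if not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower(), parts.path or "/"

def domains_from_feed(feed_text):
    """Collapse URL entries to what a DNS blocklist can act on: hostnames only."""
    listed = {}
    for line in feed_text.splitlines():
        entry = split_entry(line)
        if entry:
            listed.setdefault(entry[0], []).append(entry[1])
    return listed

def related(listed, needed):
    # Assumption: a listed name affects a needed site if either is equal to,
    # or a sub-domain of, the other (real wildcard behaviour depends on config).
    return (listed == needed or listed.endswith("." + needed)
            or needed.endswith("." + listed))

def overblocked(feed_text, needed_sites):
    """Listed hostnames (with the paths that caused them) that hit a needed site."""
    return {host: paths for host, paths in domains_from_feed(feed_text).items()
            if any(related(host, site) for site in needed_sites)}

if __name__ == "__main__":
    hits = overblocked(SAMPLE_FEED, ["github.com", "dropbox.com"])
    for host, paths in hits.items():
        print(f"{host}: whole host blocked because of {len(paths)} URL entry(ies)")
        for path in paths:
            print(f"    {path}")
```

The hosts it reports are the candidates for the DNSBL Whitelist; the path information is shown only so you can see what the feed was actually flagging before you whitelist the host.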

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.