shopify sites
-
My blocked sites, clivecoffee.com and huckleberrycoffee.com do not display the pfblocker black and red screen on load, they simply return this. I am thinking the ipv4 ip address is blocked, and not the domain. I am trying to create an alias whitelist with the ip address, but it does not seem to fix the issue.
-
@jpvonhemel said in shopify sites:
My blocked sites, clivecoffee.com and huckleberrycoffee.com do not display the pfblocker black and red screen on load, they simply return this. I am thinking the ipv4 ip address is blocked, and not the domain. I am trying to create an alias whitelist with the ip address, but it does not seem to fix the issue.
If you haven't already done so, you might give this doc a read as it explains a lot about how to configure DNSBL on pfBlockerNG. It's a little dated but for the most part it is still accurate https://linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/.
-
@johnpoz said in shopify sites:
And how do you know its blocking? what IP is it resolving too? Are you getting NX, Refused when you try and query it?
Hi John Poz,
I'm sorry, but I don't know what you mean by NX, refused. Would you mind explaining this to me. I would like to learn this.
Thanks,
Jerold
-
If you haven't already done so, you might give this doc a read as it explains a lot about how to configure DNSBL on pfBlockerNG. It's a little dated but for the most part it is still accurate https://linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/.
Thanks, I will take a look
-
A query with your fav dns query tool, dig, host, nslookup NXdomain meaning what you looking for does not exist, or can not be found. While Refused NS saying he not going to answer you - even if he knew the answer.. SERVFAIL would be another possible status listed in your query.
-
The coffee sites are Cloudfare based - a big web hosting operator.
My guess : you're using a pfBockerNG feed that blacklists entire 'cloudfare' networks, not just the coffee domain names.
Like 23.227.38.64 and 23.227.38.32 you could find 23.227.0.0/16When you see http://23.227.38.64/ you know that http://23.227.38.64/ is a coffee site, but also site that sells book, heavy porn, etc etc (examples) It's a shared virtual web server. One IP hosts many web sites.
-
Blocking cloudflare IPs would be a horrible idea if you actually want to you know use the internet ;)
edit: Quick number pulled up
"Cloudflare is used by 81.2% of all the websites whose reverse proxy service we know. This is 13.6% of all websites."That would be a huge freaking chunk of net to just block ;)
Blocking IPs of major CDN's not really a good idea if you actually want to use the internet ;) Blocking by specific domain names is much better way to block stuff you want to block.
-
Did someone ever come up with an elegant solution to this problem?
Or is it suggested to whitelist the IP address 23.227.38.32?Thanks.
-
@sebm I guess none of us has issues with that IP.
-
@gertjan said in shopify sites:
@sebm I guess none of us has issues with that IP.
None? I would think I’m not the only one who has to allow access to Shopify.
-
@sebm said in shopify sites:
Shopify
Dono what it is - don't use that site - don't block it.
I'm probably not using DNSBL lists/feeds that block cloudfaire IPs and/or domains hosted by ckoudfaire.
And if so, whitelisting the domain name should do it. -
@jpvonhemel said in shopify sites:
Add domain to the DNSBL Whitelist, not the TLD Whitelist. Click on the blue infoblock Icons for more details.
Also recommend to whitelist from the Reports Tab, but clicking the "+" icon, as that will also check if there are CNAMES associated with the domain.
-
I'm having the same issue with IP 23.227.38.32 - My Forum Post
This is blocking a lot of common Shopify sites, slamcity.com, rollersnakes.com
I can see the blocked IP in the URL Alias PRI1_V4 which is an auto generated list, more details in my post on what I've seen.
Issue I have is that the blocked sites are not showing on alerts and whitelisting the Domain Names doesn't work.
-
@mrfrenchfry
You can't mix DNSBL and IP Blocking, they are two different animals.Whitelist IPs for blocked IP Events, and Whitelist DNSBL for DNSBL Blocked events.
See the Reports Tab for the "+" whitelist Icons.
-
@jpvonhemel said in shopify sites:
When I disable pfblockerng, or add the domain to the whitelist, the sites load. I am not at home now, I’ll get back on the other questions, I know I the ip they resolve to is the same, and that is from Shopify.
Yeah, I ran across a similar event when I was trying to get to Maglite.com. I didn't disable pfBlockerNG, I just caught the Shopify by time stamp in the alert tab and did a temporary unlock on it. Maglite.com then worked.
-
This post is deleted! -
This post is deleted!
