@Anaerin
It looks like the issue is Wireguard. Disabling Wireguard, removing it's interface, tunnel and peers removes the rules.

Quite why Wireguard is grabbing the wrong subnet for the VPN subnet and redirecting it to the local net is an issue.

@laov said in Override website address (DNS lookup):

Thus I would like to automatically redirect all website.com lookups to website.net.

Both have the same IPv4 and or IPv6 ?

@jimp thanks for looking into this. I will use that URL for future items. I did not know about that other URL until today.

@tbr281 said in Block redirect:

Just wish it would redirect it.

Even "dirty websites" use TLS these days. Easy to recognize, their URL starts with https://

Without drastic measure on your LAN, that is, all your web visiting devices and pfSense, you can't redirect https://"dirty websites" to https://DuckDuckGo
Your browser won't allow this.
The test : is the host name "dirty websites" present in the certificate obtained ? will fail.
Have a look :

e2e336b4-a7bf-4b88-ab68-5e617416ed3b-image.png

That's doesn't look like "dirty websites" : your browser will refuse the connection.

If it was possible, you would also be able to redirect https://some-bank-acess-you-use to https://some-bank-access-you-use, and because you control some-bank-access-you-use (and your site looks identical to some-bank-acess-you-use), now you get the access credentials.
And five minutes later you can access https://some-bank-acess-you-use with the credentials you've obtained, and do what you want.
The thing is, why would you ask if something if possible if you don't want it to be possible ?
After all, https://"dirty websites", or https://facebook.com or https://some-bank-acess-you-use or https://some-bank-acess-you-use, for your PC, switch, pfsense, upstream routers of your ISP etc, its all the same : a connection to some server over port 443, TCP.

@chinraam said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;:

Can you please guide or let me know how to overcome?

I'm not modifying or editing any of the pfSense PHP files. So I have no issues neither errors.

I can't do "self registration" as I'm not allowed (and not want to, neither maintain) ask for any private info like phone numbers or email addresses.

@stephenw10 I just tried it again and it works. Looks like they finally updated their certs. Thanks for the help!

If you want

hostA.domain.tld to return local
hostB.domain.tld to return public
hostC.domain.tld to return local

Then you would have to create host overrides for each specific fqdn that you want to return local.

Or you can go the other way and do a redirect, and then just create records that point to your public IP for those fqdn.. Depends on how many you have on what side, etc.