PfBlockerNG Breaks realtor.com

kklouzal

After enabling PfBlockerNG and setting up DNSBL feed + easy list my family is no longer able to search on realtor.com

The actual website will load however the main search function for the website no longer works, the search button itself does absolutely nothing when pressed, alternatively hitting your enter key results in the same effect.

What's going on here?

BBcan177

Did you check the Alerts Tab to see what is being blocked?

You can also hit F12 in the browser and goto "Console" to see the Domains that are blocked…. You can then Whitelist any Domains that you wish to exclude from DNSBL.

kklouzal

I immediately checked the alerts tab and only see entries for google ad servers. Is there a way to enable more than the last 5 entries? I also went into F12 debug console on my browser and the form seems to point to 'move.com' after whitelisting '.realtor.com' and '.move.com' then performing a force update the website is still broken. Only after disabling PfBlocker and restarting my firewall does the site work again.

RonpfS

Look at the dnsbl.log in the Logs Tab as consecutive Alerts are not displayed in the Alerts tab.

BBcan177

You can change the Alert entries at the top of the page in "Alert Settings"…

You browser may have had a cached DNS resolution for those Domains and was still pointed to the DNSBL VIP address.... Best to clear the OS and Browser Cache after DNSBL Whitelisting.... All this is in the notes after Whitelisting...

BBcan177

@kklouzal:

Running the force update/cron update does not appear to actually update the whitelists requiring a firewall reboot

Click on the Blue Infoblock icon in the Update Tab… it will explain what the different "Force Options" mean...

Also in the DNSBL Custom Domain Whitelist (Infoblock):

Note: These entries are only Whitelisted when Feeds are downloaded or on a 'Force Reload'.
Use the Alerts Tab '+' Whitelist Icon to immediately remove a Domain from Unbound DNSBL.

kklouzal

I cleared my browser cache using CCleaner and flushed dns with 'ipconfig /flushdns'. The package force/cron update appears to not update everything as a firewall reboot was required.

After once again enabling pfBlocker and restarting my firewall realtor.com is no longer working. Nothing aside from some youtube and google ad servers are showing up in the dnsbl log file. Again disabling and rebooting the firewall fixes the issue.

kklouzal

I ran all 3 force update options just to be safe.

kklouzal

If you want to use teamviewer or something to see for yourself whats going on, by all means let's do it!

RonpfS

Did you check the IPV4 alerts ? Maybe the IPs of realtor.com are blocked ?

BBcan177

When you manually add the Whitelisted Domains, the Unbound Resolver may have also been caching that Domain….

When you use the Alerts Tab "+" icon it runs a flush command to remove any traces of the Whitelisted Domain from the Resolver....

So since you manually added that Domain to the Whitelist, its probably the reason why its was still cached... The reboot cleared the Resolver cache and that allowed you to access that Domain....

You could run this command to clear a Domain manually from the Resolver:
(Change example.com to the domain to be flushed):

unbound-control -c /var/unbound/unbound.conf flush example.com

And this will show whats in the Resolver cache:

unbound-control -c /var/unbound/unbound.conf dump_cache

kklouzal

The only entries that show up in the Alerts tab are ones in the DNSBL section. The only entries in the dnsbl.log file are unrelated to realtor.com. In fact, now that I've done the force updates, changed the settings in the Alerts tab to show 50 entries, and refreshed the log file a few times. No new entries at all are showing up in the Alerts tab or the .log files….... Going to reboot my firewall again.

kklouzal

I cleared pfBlocker's settings by unchecking the first two tick boxes, saving, rechecking them, saving, then force updating, then rebooted the firewall. No new log or alerts are showing up. Ads are still being blocked and realtor.com is still broken.

Why is this package so borked??? I had to remove it before due to the memory issues and now I'm going to have to remove it again. It's just not stable and highly inconsistent.

BBcan177

You mean this site?

Hmm… looks ok to me... Check your Whitelists... sometimes its a CNAME that is being blocked...

pftdm007

Yes he means this site..  8)

Works for me here too.

@kklouzal:

Why is this package so borked??? I had to remove it before due to the memory issues and now I'm going to have to remove it again. It's just not stable and highly inconsistent.

I've had this a million times.  Perform troubleshooting step by step with a clean state in between (reboot the FW if necessary) and I bet you will find whats going on.  I bet your site points to another site which points to a dozen other sites, and so on so forth which are blocked.  Not uncommon these days.  Some sites wouldn't load (for me) because while they were allowed (not on any block lists), they were loading tons of content from facebook.com which is blocked here.  My guess is that their website was so badly coded (or they purposely forced the users to go through facebook) and wouldnt load unless access to FB was 100%.

Again, pfsense and therefore pfBNG can be hard to troubleshoot but in the end works very well.  pfBNG is not borked.  The memory issues you are referring to were caused, as I understands it, by other factors (Maxmind) and not from pfBNG being inconsistent or unreliable..

Finally, if you are not satisfied with pfBNG, who forces you to use it? There are other ways to block domains, IP ranges and such in pfsense, pfBNG is only making all that easier.

RonpfS

Try with another Browser.

pfcode

Just tried realtor.com with pfBlockerNG.  Its working.  so must be your own issue.

BBcan177

@kklouzal:

I immediately checked the alerts tab and only see entries for google ad servers. Is there a way to enable more than the last 5 entries? I also went into F12 debug console on my browser and the form seems to point to 'move.com' after whitelisting '.realtor.com' and '.move.com' then performing a force update the website is still broken. Only after disabling PfBlocker and restarting my firewall does the site work again.

Just an FYI… You went to  www.realtor.com and it loaded, however; the "Search box" wouldn't work.... So why would you put "realtor.com" in the DNSBL Whitelist? You could already access that site? The issue is that the website loads other Domain names. You can review the Alerts Tab or F12 Dev mode in the Browser to see which other Domains are being blocked.

I already had these Domains below in my DNSBL Whitelist, so this is why the page search box worked. Other people have also confirmed that Whitelisting this domain allowed the Seach box to function… Seems realtor.com calls adobe for a javascript file (.js).

assets.adobedtm.com
    san-assets.adobedtm.com.edgekey.net # CNAME for (assets.adobedtm.com)
    e5799.g.akamaiedge.net # CNAME for (assets.adobedtm.com)

The Domain "assets.adobedtm.com" is being listed by the following DNSBL Feeds as an "Analytics Domain":

grep "assets.adobedtm.com" /var/db/pfblockerng/dnsblorig/*

Cameleon.orig:127.0.0.1    assets.adobedtm.com
    MVPS.orig:# 0.0.0.0 assets.adobedtm.com #[affects landsend.com]
    hpHosts.orig:127.0.0.1    assets.adobedtm.com
    hpHosts_ads.orig:127.0.0.1        assets.adobedtm.com

pftdm007

BBcan177, exactly what I thought….

Thanks for demonstrating, and showing pfblockerNG works very well once more!