Netgate Discussion Forum

    PfBlockerNG does not seem to be blocking these session replay sites

    • D
      dhjdhj
      last edited by

      Re: Session Replay Company ip addresses to block

      I didn't know about these mouse tracking sites. I just checked and while "Easy Listings" is enabled on my firewall (and fullstory.com (for example) is on it), I'm able to connect to fullstory.com from my browser which suggests that these sites are not being blocked.

      Any idea what might be wrong?

      Thanks

      • NollipfSenseN
        NollipfSense @dhjdhj
        last edited by

        @dhjdhj After you had added the site, did you force update pfBlockerNG, then clear your browser cache and try?

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • D
          dhjdhj
          last edited by

          I didn't add the site - it was already there and enabled, presumably as part of the initial installation of that package.

          • NollipfSenseN
            NollipfSense @dhjdhj
            last edited by

            @dhjdhj Is your pfSense box set up to be the only source to resolve DNS requests? The device you accessed the site from could be doing its own DNS requests, bypassing pfSense.

            • D
              dhjdhj
              last edited by

              Ah - that's an interesting question. My machines are doing their own DNS requests and not going through the pfSense box. I was going under the assumption that the pfSense (and pfBlocker for that matter) would do the blocking based on actual IP addresses (via firewall rules), i.e., after DNS resolution.

              If blocking happens only based on names, then that would certainly explain why those sites weren't getting blocked.

              Thanks so much for that feedback - I'll verify immediately.

              • NollipfSenseN
                NollipfSense @dhjdhj
                last edited by NollipfSense

                @dhjdhj Remember, an IP address changes whereas a domain name doesn't.

                • D
                  dhjdhj
                  last edited by

                  @NollipfSense said in PfBlockerNG does not seem to be blocking these session replay sites:

                  Remember, an IP address changes whereas a domain name doesn't

                  Actually, I would have expected the opposite. Larger companies get a static block of IP addresses. They can trivially create hundreds of "names" all of which resolve to one of those static IP addresses. So if I'm "Fullstory.com" (for example), then I can easily create a.fullstory.com, b.fullstory.com, c.fullstory.com or even register lots of DNS names (fullstory1.com, fullstory2.com, fullstory3.com, etc.) but ultimately they're all going to resolve to one of the static IP addresses that have been allocated to the company.

                  Hence I'd much rather block the IP address in such cases.

                  I realize that lower-end systems using virtual domains can share the same IP address but googleads, doubleclick, fullstory, etc. aren't doing that!

                  • NollipfSenseN
                    NollipfSense @dhjdhj
                    last edited by

                    @dhjdhj You can always create an IP (4 or 6) custom list; however, it's fruitless if pfSense is not handling all DNS requests.

                    • D
                      dhjdhj
                      last edited by

                      Yes, I understand completely (now that you explained) --- I did not realize that pfBlocker was working at DNS level - I assumed that it was putting IP blocks in firewall rules.

                      Thanks again for the help

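Added example, not part of the thread and not pfBlockerNG code: a client-side check for the diagnosis reached above, that a DNS-based blocklist only takes effect for clients that resolve through pfSense. The firewall address 192.168.1.1, the sinkhole address 10.10.10.1, the resolv.conf text and the answer addresses are constructed assumptions; substitute your own values.

```python
import ipaddress

def nameservers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip malformed entries
    return servers

def dnsbl_verdict(resolv_conf_text, firewall_ip, client_answers, sinkhole_ip):
    """Explain why a listed domain is or is not blocked for this client.

    client_answers: A records the client received for the listed domain.
    sinkhole_ip: address the firewall's resolver returns for listed names
                 (assumed value, check your own DNSBL settings).
    """
    fw = ipaddress.ip_address(firewall_ip)
    sink = ipaddress.ip_address(sinkhole_ip)
    # Any configured resolver other than the firewall is a path around DNSBL.
    bypass = [str(s) for s in nameservers(resolv_conf_text) if s != fw]
    answers = [ipaddress.ip_address(a) for a in client_answers]
    if answers and all(a == sink for a in answers):
        status = "blocked"              # name was rewritten to the sinkhole
    elif bypass:
        status = "bypassed"             # client asked a resolver DNSBL never sees
    else:
        status = "not-listed-or-stale"  # force an update, flush caches, retest
    return {"status": status, "bypass_resolvers": bypass}

# Constructed sample inputs (documentation address range for the "real" answer).
RESOLV_DIRECT = "# constructed sample\nnameserver 1.1.1.1\nnameserver 8.8.8.8\n"
RESOLV_FIREWALL = "nameserver 192.168.1.1  # pfSense LAN address (assumed)\n"

if __name__ == "__main__":
    for conf, answers in [(RESOLV_DIRECT, ["203.0.113.10"]),
                          (RESOLV_FIREWALL, ["10.10.10.1"]),
                          (RESOLV_FIREWALL, ["203.0.113.10"])]:
        print(dnsbl_verdict(conf, "192.168.1.1", answers, "10.10.10.1"))
```
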
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.