PfBlockerNG does not seem to be blocking these session replay sites
-
Re: Session Replay Company ip addresses to block
I didn't know about these mouse tracking sites. I just checked and while "Easy Listings" is enabled on my firewall (and fullstory.com (for example) is on it), I'm able to connect to fullstory.com from my browser which suggests that these sites are not being blocked.
Any idea what might be wrong?
Thanks
-
@dhjdhj After you had added the site, did you force update pfBlockerNG then cleared your browser cache and try?
-
I didn't add the site - it was already there and enabled, presumably as part of the initial installation of that package.
-
@dhjdhj Is your pfSense box set up to be the only source to resolve DNS request? The device you accessed the site could be doing its own DNS request bypassing pfSense.
-
Ah - that's an interesting question. My machines are doing their own DNS requests and not going through the pfSense box. I was going under the assumption that the pfSense (and pfBlocker for that matter) would do the blocking based on actual IP addresses (via firewall rules), i.e, after DNS resolution.
If blocking happens only based on names, then that would certainly explain why those sites weren't getting blocks.
Thanks so much for that feedback - I'll verify immediately.
-
@dhjdhj Remember, IP address changes whereas domain name doesn't.
-
@NollipfSense said in PfBlockerNG does not seem to be blocking these session replay sites:
Remember, IP address changes whereas domain name doesn't
Actually, I would have expected the opposite. Larger companies get a static block of IP addresses. They can trivially create hundreds of "names" all of which resolve to one of those static IP addresses. So if I'm "Fullstory.com" (for example), then I can easily create a.fullstory.com, b.fullstory.com, c.fullstory.com or even register lots of DNS names (fullstory1.com, fullstory2.com, fullstory3.com, etc) but ultimately they're all going to resolve to one of the static IP addresses that have been allocated to the company.
Hence I'd much rather block the IP address in such cases.
I realize that lower-end systems using virtual domains can share the same IP address but googleads, doubleclick, fullstory, etc aren't doing that!
-
@dhjdhj You can always create IP (4 or 6) custom list however it's fruitless if pfSense is not handling all DNS request.
-
Yes, I understand completely (now that you explained) --- I did not realize that pfBlocker was working at DNS level - I assumed that it was putting IP blocks in firewall rules.
Thanks again the help
