    shopify sites

    pfBlockerNG
    • J
      jpvonhemel last edited by

      I am wondering why pfblockerng is blocking shopify sites like clivecoffee.com and huckleberryroasters.com. Grep didn’t find any lists with these domains. I know I can whitelist, but really want to learn why it is happening.

      Thanks
      Jerold

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        And how do you know it's blocking? What IP is it resolving to? Are you getting NX, Refused when you try and query it?

        1 Reply Last reply Reply Quote 0
        • J
          jpvonhemel last edited by

          When I disable pfblockerng, or add the domain to the whitelist, the sites load. I am not at home now, I’ll get back on the other questions. I know the IP they resolve to is the same, and that is from Shopify.

          R 1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            Well then they are either being blocked by a list you're loading that you can grep for the domain, or by a geoIP block.

            I show clivecoffee as being in CA

            23.227.38.32

            J 1 Reply Last reply Reply Quote 0
            • NogBadTheBad
              NogBadTheBad Galactic Empire last edited by

              @jpvonhemel said in shopify sites:

              huckleberryroasters.com

              AS details for AS62679 :-

              aut-num: AS62679
              as-name: ASN-SHOPIFY-1
              descr: Shopify, Inc
              descr: 150 Elgin St, 8th Floor
              descr: Ottawa, ON K2P 1L4
              descr: CA
              import: from AS23352 accept ANY
              import: from AS14244 accept ANY
              import: from AS6461 accept ANY
              import: from AS46887 accept ANY
              import: from AS63408 accept ANY
              import: from AS2914 accept ANY
              export: to AS23352 announce AS62679
              export: to AS14244 announce AS62679
              export: to AS6461 announce AS62679
              export: to AS46887 announce AS62679
              export: to AS32787 announce AS62679
              export: to AS63408 announce AS62679
              export: to AS2914 announce AS62679
              admin-c: SHOPI-ARIN
              tech-c: SHOPI-ARIN
              mnt-by: MNT-SHOPI-1
              changed: peter.denitto@shopify.com 20170428
              source: ARIN

              IPv4 subnets for AS62679 :-


              IPv6 subnets for AS62679 :-


              Monday, 6 July 2020 at 19:43:46 British Summer Time

              1 Reply Last reply Reply Quote 0
              • NogBadTheBad
                NogBadTheBad Galactic Empire last edited by NogBadTheBad

                Have a look at /var/log/pfblockerng/dnsbl.log

                Screenshot 2020-07-06 at 20.13.08.png

                1 Reply Last reply Reply Quote 0
                • J
                  jpvonhemel @johnpoz last edited by

                  Hi @johnpoz I mentioned that grep didn’t return anything for either domain and I don’t have any geo ip blocks loaded at this time. Tomorrow I will take a look at the settings again and see if anything stands out.

                  Thank you,
                  Jerold

                  NogBadTheBad Gertjan 2 Replies Last reply Reply Quote 0
                  • NogBadTheBad
                    NogBadTheBad Galactic Empire @jpvonhemel last edited by

                    @jpvonhemel

                    You'll see what feeds are blocking it if you follow my screenshots.

                    1 Reply Last reply Reply Quote 0
                    • Gertjan
                      Gertjan @jpvonhemel last edited by

                      @jpvonhemel said in shopify sites:

                      I mentioned that grep didn’t return

                      Please show your grep query?

                      1 Reply Last reply Reply Quote 0
                      • J
                        jpvonhemel last edited by

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • J
                          jpvonhemel last edited by

                          Hello,

                          I ran through the suggestions above and here is what I have figured out.

                          Here is my grep output:

                          IMG_0049.PNG

                          Here is the dnsbl name search output:

                          IMG_0052.PNG

                          IMG_0053.PNG

                          What is odd is both names resolve to the same ip address. When I used the filter for this ip address, I found the list involved.

                          IMG_0054.PNG

                          Hoping I need to whitelist 23.227.38.32 or myshopify.com. It would stink to have to whitelist every domain that resolves to this address.

                          Thanks for helping me! Any other thoughts or suggestions?

                          Jerold

                          1 Reply Last reply Reply Quote 0
                          • J
                            jpvonhemel last edited by

                            I tried to whitelist the domains and reloaded, but the sites are still blocked. Here is a snippet of what I whitelisted on the reload output. Not sure where to go from here but would really love to learn!

                            Thanks,

                            Jerold

                            Annotation 2020-07-07 185937.jpg

                            BBcan177 1 Reply Last reply Reply Quote 0
                            • Gertjan
                              Gertjan last edited by

                              Initially, when a domain name is 'blacklisted', the resolver hands over the "10.10.10.1" IP, as set up in the settings.
                              When you whitelist an IP or domain, the resolver 'cache' will get modified .... but the DNS cache in your device (PC, phone ?) will not, it will stay valid for some time, still pointing to 10.10.10.1.

                              That's why Windows has a command like

                              ipconfig /flushdns
                              

                              so that the domain gets resolved again, and this time it will resolve to the 'real' IP.

                              1 Reply Last reply Reply Quote 0
                              • J
                                jpvonhemel last edited by

                                If the blocked shopify sites are being blocked with DNSBL and a feed, shouldn't I be seeing a page like this?

                                Annotation 2020-07-08 094835.jpg

                                I am wondering if this isn't an IP block, because no pfblockerng page is returned.

                                Annotation 2020-07-08 095819.jpg

                                J 1 Reply Last reply Reply Quote 1
                                • J
                                  jpvonhemel last edited by

                                  ipconfig /flushdns ran at the command line, but did not allow the page to resolve correctly.

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    jdeloach @jpvonhemel last edited by jdeloach

                                    @jpvonhemel said in shopify sites:

                                    If the blocked shopify sites are being blocked with DNSBL and a feed, shouldn't I be seeing a page like this?

                                    Annotation 2020-07-08 094835.jpg

                                    I am wondering if this isn't an IP block, because no pfblockerng page is returned.

                                    Annotation 2020-07-08 095819.jpg

                                    This is what I would expect to get if pfBlockerNG blocked a website that was on a block list that I was using. This is the default block page you get when a website is blocked by pfblocker.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      jpvonhemel last edited by

                                      My blocked sites, clivecoffee.com and huckleberrycoffee.com do not display the pfblocker black and red screen on load, they simply return this. I am thinking the ipv4 ip address is blocked, and not the domain. I am trying to create an alias whitelist with the ip address, but it does not seem to fix the issue.

                                      Annotation 2020-07-08 095819.jpg

                                      J 1 Reply Last reply Reply Quote 0
                                      • J
                                        jdeloach @jpvonhemel last edited by

                                        @jpvonhemel said in shopify sites:

                                        My blocked sites, clivecoffee.com and huckleberrycoffee.com do not display the pfblocker black and red screen on load, they simply return this. I am thinking the ipv4 ip address is blocked, and not the domain. I am trying to create an alias whitelist with the ip address, but it does not seem to fix the issue.

                                        Annotation 2020-07-08 095819.jpg

                                        If you haven't already done so, you might give this doc a read as it explains a lot about how to configure DNSBL on pfBlockerNG. It's a little dated but for the most part it is still accurate https://linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/.

                                        J 2 Replies Last reply Reply Quote 0
                                        • J
                                          jpvonhemel @jdeloach last edited by

                                          @johnpoz said in shopify sites:

                                          And how do you know it's blocking? What IP is it resolving to? Are you getting NX, Refused when you try and query it?

                                          Hi John Poz,

                                          I'm sorry, but I don't know what you mean by NX, refused. Would you mind explaining this to me? I would like to learn this.

                                          Thanks,

                                          Jerold

                                          1 Reply Last reply Reply Quote 0
                                          • J
                                            jpvonhemel @jdeloach last edited by

                                            If you haven't already done so, you might give this doc a read as it explains a lot about how to configure DNSBL on pfBlockerNG. It's a little dated but for the most part it is still accurate https://linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/.

                                            Thanks, I will take a look

                                            1 Reply Last reply Reply Quote 0
                                            • johnpoz
                                              johnpoz LAYER 8 Global Moderator last edited by

                                              A query with your fav DNS query tool: dig, host, nslookup. NXDOMAIN meaning what you're looking for does not exist, or cannot be found, while REFUSED is the NS saying he's not going to answer you, even if he knew the answer. SERVFAIL would be another possible status listed in your query.

                                              1 Reply Last reply Reply Quote 0
                                              • Gertjan
                                                Gertjan last edited by

                                                The coffee sites are Cloudflare based - a big web hosting operator.

                                                My guess: you're using a pfBlockerNG feed that blacklists entire 'Cloudflare' networks, not just the coffee domain names.
                                                Like 23.227.38.64 and 23.227.38.32 you could find 23.227.0.0/16

                                                When you see http://23.227.38.64/ you know that http://23.227.38.64/ is a coffee site, but also a site that sells books, heavy porn, etc etc (examples). It's a shared virtual web server. One IP hosts many web sites.

                                                1 Reply Last reply Reply Quote 0
                                                • johnpoz
                                                  johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                                  Blocking Cloudflare IPs would be a horrible idea if you actually want to, you know, use the internet ;)

                                                  edit: Quick number pulled up
                                                  "Cloudflare is used by 81.2% of all the websites whose reverse proxy service we know. This is 13.6% of all websites."

                                                  That would be a huge freaking chunk of net to just block ;)

                                                  Blocking IPs of major CDNs is not really a good idea if you actually want to use the internet ;) Blocking by specific domain names is a much better way to block stuff you want to block.

                                                  1 Reply Last reply Reply Quote 1
                                                  • SebM
                                                    SebM last edited by

                                                    Did someone ever come up with an elegant solution to this problem?
                                                    Or is it suggested to whitelist the IP address 23.227.38.32?

                                                    Thanks.

                                                    Gertjan 1 Reply Last reply Reply Quote 0
                                                    • Gertjan
                                                      Gertjan @SebM last edited by

                                                      @sebm I guess none of us has issues with that IP.

                                                      SebM 1 Reply Last reply Reply Quote 0
                                                      • SebM
                                                        SebM @Gertjan last edited by

                                                        @gertjan said in shopify sites:

                                                        @sebm I guess none of us has issues with that IP.

                                                        None? I would think I’m not the only one who has to allow access to Shopify.

                                                        Gertjan 1 Reply Last reply Reply Quote 0
                                                        • Gertjan
                                                          Gertjan @SebM last edited by

                                                          @sebm said in shopify sites:

                                                          Shopify

                                                          Dono what it is - don't use that site - don't block it.

                                                          I'm probably not using DNSBL lists/feeds that block Cloudflare IPs and/or domains hosted by Cloudflare.
                                                          And if so, whitelisting the domain name should do it.

                                                          1 Reply Last reply Reply Quote 0
                                                          • BBcan177
                                                            BBcan177 Moderator @jpvonhemel last edited by

                                                            @jpvonhemel said in shopify sites:

                                                            Add domain to the DNSBL Whitelist, not the TLD Whitelist. Click on the blue infoblock Icons for more details.

                                                            Also recommend to whitelist from the Reports Tab, by clicking the "+" icon, as that will also check if there are CNAMES associated with the domain.

                                                            1 Reply Last reply Reply Quote 0
                                                            • M
                                                              MrFrenchFry last edited by MrFrenchFry

                                                              I'm having the same issue with IP 23.227.38.32 - My Forum Post

                                                              This is blocking a lot of common Shopify sites, slamcity.com, rollersnakes.com

                                                              I can see the blocked IP in the URL Alias PRI1_V4 which is an auto generated list, more details in my post on what I've seen.

                                                              Issue I have is that the blocked sites are not showing on alerts and whitelisting the Domain Names doesn't work.

                                                              BBcan177 1 Reply Last reply Reply Quote 0
                                                              • BBcan177
                                                                BBcan177 Moderator @MrFrenchFry last edited by

                                                                @mrfrenchfry
                                                                You can't mix DNSBL and IP Blocking, they are two different animals.

                                                                Whitelist IPs for blocked IP Events, and Whitelist DNSBL for DNSBL Blocked events.

                                                                See the Reports Tab for the "+" whitelist Icons.

                                                                1 Reply Last reply Reply Quote 0
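
The distinction drawn in this thread (a DNSBL answer pointing at the 10.10.10.1 sinkhole versus a real address covered by an IP feed entry) can be checked offline with a CIDR-aware lookup, which also shows why a plain grep for the domain or the host address finds nothing. This is an added example, not code from any poster or from pfBlockerNG; the feed contents, the `EXAMPLE_V4` feed name and all function names are constructed for illustration.

```python
import ipaddress

# Sinkhole address quoted in the thread ("as set up in the settings").
DNSBL_VIP = ipaddress.ip_address("10.10.10.1")

# Constructed feed contents, not real list data. "PRI1_V4" is the alias name
# mentioned in the thread; "EXAMPLE_V4" and every entry below are made up.
SAMPLE_FEEDS = {
    "PRI1_V4": "# constructed sample\n198.51.100.0/24\n23.227.38.0/24\n",
    "EXAMPLE_V4": "203.0.113.7\n192.0.2.0/25 # trailing comment\n",
}


def parse_feed(text):
    """Return the networks listed in a feed, skipping blanks, comments and junk."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # A bare host address becomes a /32 (or /128) network.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not an address or CIDR, ignore the line
    return nets


def covering_entries(ip, feeds):
    """List (feed name, entry) pairs whose network contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for name, text in feeds.items():
        for net in parse_feed(text):
            if net.version == addr.version and addr in net:
                hits.append((name, str(net)))
    return hits


def triage(rcode, answers, feeds, vip=DNSBL_VIP):
    """Classify one lookup result.

    rcode   -- status reported by dig/host/nslookup (NOERROR, NXDOMAIN, ...)
    answers -- list of A/AAAA addresses returned, as strings
    Returns (verdict, hits) where verdict is one of:
      "dns-status:<RCODE>"  the resolver did not answer normally
      "dnsbl"               answer is the sinkhole: whitelist the domain in DNSBL
      "ip-block"            real address covered by an IP feed: whitelist the IP
      "not-listed"          nothing in the supplied feeds explains a block
    """
    if rcode != "NOERROR":
        return ("dns-status:" + rcode, [])
    addrs = [ipaddress.ip_address(a) for a in answers]
    if vip in addrs:
        return ("dnsbl", [])
    hits = []
    for addr in addrs:
        hits.extend(covering_entries(addr, feeds))
    return ("ip-block", hits) if hits else ("not-listed", [])


if __name__ == "__main__":
    # The address the thread reports for the Shopify-hosted sites.
    print(triage("NOERROR", ["23.227.38.32"], SAMPLE_FEEDS))
    # A literal text search for the host address misses the covering /24.
    print("23.227.38.32" in SAMPLE_FEEDS["PRI1_V4"])
```
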
                                                                • R
                                                                  Ramosel @jpvonhemel last edited by Ramosel

                                                                  @jpvonhemel said in shopify sites:

                                                                  When I disable pfblockerng, or add the domain to the whitelist, the sites load. I am not at home now, I’ll get back on the other questions. I know the IP they resolve to is the same, and that is from Shopify.

                                                                  Yeah, I ran across a similar event when I was trying to get to Maglite.com. I didn't disable pfBlockerNG, I just caught the Shopify by time stamp in the alert tab and did a temporary unlock on it. Maglite.com then worked.

                                                                  1 Reply Last reply Reply Quote 0