Netgate Discussion Forum

    pfBlockerNG Reports DNSBL Block HTTPS empty

    • F
      focheur91300
      last edited by

      Hello,

      I am currently experiencing a problem with pfBlockerNG.

      pfBlockerNG does DNSBL blocking.

      However, all HTTPS connections from DNS/FQDN are not displayed in the reports section.

      Example below:

      I go to the following site : https://korben.info/

      This one displays the following page :
      9750a3e8-f1da-4065-af27-c750611b62d1-image.png

      This is not displayed in the report tab of pfBlockerNG :
      f4fa68b9-247f-4c17-a556-70eb4b3da706-image.png

      I know it works because when I type the command nslookup, I get the following result:
      33b2022e-78d3-41d2-848d-f513c8283b81-image.png

      Additional information:

      • pfSense version 2.5.2
      • pfBlockerNG-devel version 3.0.0_16

      Thank you to the community in advance.

      • GertjanG
        Gertjan @focheur91300
        last edited by

        @focheur91300 said in pfBlockerNG Reports DNSBL Block HTTPS empty:

        This one displays the following page :

        It also displays the URL it tries to visit. Where is it?
        I bet it isn't "korben.info" but "10.10.11.1".

        Ask yourself this one question: does this "10.10.11.1" have a certificate that states it is "korben.info"? I'll add a clue: who is the admin of 10.10.11.1 (answer: you), so ask yourself: did you add it? (Can you even get it?? ;) )
        Of course not. That's what TLS https is all about.

        Or, the connection is "https" and the web browser wants and insists on retrieving a certificate that says the visited site 10.10.11.1 is "korben.info".
        It isn't. And that's why the message is shown.

        So, this small question gives you an important answer: do not use, as it is useless, the built-in "pfBlockerNG web server that shows blocked DNSBL in your browser".
        It won't work for TLS (https) sites.

        So, keep on logging, but don't use "DNSBL webserver" any more, as users start to think something is wrong. Which is not the case.

        0b96e086-8753-4452-8cd0-73769634cc23-image.png

        And it's common knowledge that 99,9 % of all web traffic is TLS (https) traffic.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        F 1 Reply Last reply Reply Quote 0
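
Added example, not part of the thread and not pfBlockerNG code: a minimal sketch of the name check a TLS client applies, showing why a certificate served from the DNSBL address 10.10.11.1 cannot satisfy a request for korben.info. The subjectAltName values are constructed for illustration; the real DNSBL web server certificate may differ.

```python
import ipaddress

# Constructed subjectAltName entries for a sinkhole web server (assumption).
DNSBL_SAN_DNS = ["dnsbl.example"]
DNSBL_SAN_IP = ["10.10.11.1"]

def _name_match(pattern, host):
    """Compare one dNSName entry with the requested host, RFC 6125 style."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never covers more than one label
    if p[0] == "*":
        # wildcard only as the whole left-most label, never directly on a TLD
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(requested, san_dns, san_ip):
    """True if a certificate with these SAN entries is valid for the
    identifier the user typed. The client checks the requested name,
    not the address DNS happened to return for it."""
    try:
        addr = ipaddress.ip_address(requested)
    except ValueError:
        # requested is a hostname: only dNSName entries count
        return any(_name_match(p, requested) for p in san_dns)
    # requested is an IP literal: only iPAddress entries count
    return any(ipaddress.ip_address(ip) == addr for ip in san_ip)

def verdict(requested, resolved_ip, san_dns, san_ip):
    """Summarise what the browser does after DNS handed back resolved_ip."""
    if cert_covers(requested, san_dns, san_ip):
        return "ok"
    return "name mismatch: %s answered by %s" % (requested, resolved_ip)

if __name__ == "__main__":
    # DNSBL rewrote korben.info to the sinkhole address, as in the nslookup test.
    print(verdict("korben.info", "10.10.11.1", DNSBL_SAN_DNS, DNSBL_SAN_IP))
    # Visiting the sinkhole by its own address would pass the name check.
    print(verdict("10.10.11.1", "10.10.11.1", DNSBL_SAN_DNS, DNSBL_SAN_IP))
```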
        • F
          focheur91300 @Gertjan
          last edited by

          Hello @gertjan,

          Thank you for the quick and clear answer.

          However, I can't find the option you mention:

          a456fb08-6495-4650-864d-198125301322-image.png

          Thank you.

          • GertjanG
            Gertjan @focheur91300
            last edited by

            @focheur91300

            Humm. Can't tell.

            For each DNSBL 'feed', you can choose :

            338f27a2-28e5-4665-969e-5e692b384c8f-image.png

            • F
              focheur91300 @Gertjan
              last edited by

              @gertjan
              Thanks for the information.

              I have no entry in the report tab of the site.

              • keyserK
                keyser Rebel Alliance @focheur91300
                last edited by

                @focheur91300 That’s because you are running pfBlockerNG in “Unbound Mode”. To have the Global null (Logging) option, you need to run pfBlockerNG in “Unbound Python Mode”.

                But beware - there are issues with sustained disk writes in this mode - regardless of you electing to not log anything.

                This will be a serious issue if your pfSense box only has an 8Gb eMMC - that will burn through its lifetime writes in a year or two.

                If you have a large SSD (128Gb or more) or a HDD it’s of no real consequence.

                Love the no fuss of using the official appliances :-)

                • F
                  focheur91300 @keyser
                  last edited by

                  @keyser
                  Thanks again for the information.

                  Could you send me a capture of your configuration with Unbound Python Mode?

                  Thanks in advance.

                  • keyserK
                    keyser Rebel Alliance @focheur91300
                    last edited by

                    @focheur91300 Unfortunately I can’t. I’m on an SG-2100 with an 8Gb eMMC that would be worn out in a year by using python mode, so I’m using Unbound Mode like you.

                    But there are several posts here on how to configure python mode, and it’s very easy.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.