PfSense blocking payment sites while purchasing
-
Have an odd situation whereby users are able to access shopping related sites, since the shopping category is allowed, but then pfSense blocks the payment site when trying to purchase, after checkout. May I please ask what I have to do to allow these pages? Or what is missing from my configuration? Thanks
-
@sborg said in PfSense blocking payment sites while purchasing:
but then pfsense blocks .....
some site.
I'll motivate you: repeat after me:
" Out of the box, pfSense doesn't block any site or IP of whatever ".
I'm serious, this is the truth.
So, in theory, you can access 1.0.0.0 to 254.255.255.254 ** just fine. That's nearly the entire IPv4 "Internet" range.
It's even better, just don't repeat it as it is sensitive information:
pfSense, out of the box, is not different from your basic off-the-shelf ISP or any other firewall router. (yep, they are and do all the same things).
True, pfSense has a boatload of 'options'. None are needed to make a working 'LAN' network.
The story always has a hidden end:
Like this: ... and then the admin added some things and settings, changed some settings etc. And most often the strangest things can happen.
** as I presume that addresses like 0.0.0.4 do not exist.
-
As @Gertjan is saying -- pfSense with a default install will NOT produce the behavior you describe. What WILL produce behavior that you describe is one or more of the following add-on, optional packages being installed:
- pfBlockerNG
- pfBlockerNG-devel
- Snort
- Suricata
- Using the DNSBL option with pfBlockerNG-devel
- squidguard
If you have a Netgate appliance running 22.05 pfSense Plus, there is a very remote outside chance that a rare unbound DNS resolver bug could be impacting those payment sites. But that is the LEAST likely cause from the possibilities I've listed in this reply.
If you have one of the package options installed from the bulleted list, that's where you need to look for your site blocks. When such blocking packages are used, it is incumbent upon the site admin to fully and completely understand the ramifications and potential for false positives generated by such packages. It is not wise to install large lists of so-called "bad IP addresses" willy-nilly and enable them for blocking. That almost always will lead to undesired blocks, especially as some of the lists are not well maintained.
-
@sborg said in PfSense blocking payment sites while purchasing:
...since the shopping category is allowed...
This implies you are using some sort of category based filtering. What is it?
-
@bmeeks Thank you for your response. Yes indeed I have squidguard and squidguard proxy filter setup on the pfSense itself. I then utilise the Group ACL (in squidguard proxy filter) together with a common blacklist to block and allow specific categories. The problem is that the category shopping is allowed for a specific group of users via a specific ACL but then the payment sites are blocked. Is there anything I should be looking at specifically in the squidguard proxy filter to prevent this from happening? I'm sorry if it might seem a stupid question but I inherited the system from a colleague who is no longer with us and I'm still getting the hang of things.
-
@sborg said in PfSense blocking payment sites while purchasing:
@bmeeks Thank you for your response. Yes indeed I have squidguard and squidguard proxy filter setup on the pfSense itself. I then utilise the Group ACL (in squidguard proxy filter) together with a common blacklist to block and allow specific categories. The problem is that the category shopping is allowed for a specific group of users via a specific ACL but then the payment sites are blocked. Is there anything I should be looking at specifically in the squidguard proxy filter to prevent this from happening? I'm sorry if it might seem a stupid question but I inherited the system from a colleague who is no longer with us and I'm still getting the hang of things.
Sorry, but I'm not a user of squidguard so I claim no expertise there. I maintain the two IDS/IPS packages for pfSense (Snort and Suricata).
There is a specialized Cache/Proxy sub-forum located here: https://forum.netgate.com/category/52/cache-proxy. Try posting your question in there with some specific details about your setup. Likely there are other squidguard users in there who can help.
-
I'll move this topic to there.
Check the logs to see what is being blocked and why.
You probably need to enable the finance categories. Though you might need to whitelist some domains yourself if the list you're using isn't current or simply doesn't include whatever sites you're seeing blocked.
Steve
-
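Added example, not part of any post in this thread: a small script that tallies squidGuard block records by ACL, category and host, to show which category is catching the payment hosts. It assumes block records of the form `Request(acl/category/rewrite) url client/host ident method REDIRECT`; the sample lines, ACL names, category names and hosts are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed squidGuard block-record layout (an assumption, not taken from the thread):
#   <date> <time> [pid] Request(<acl>/<category>/<rewrite>) <url> <client>/<host> <ident> <method> REDIRECT
LINE_RE = re.compile(
    r"Request\((?P<acl>[^/]*)/(?P<category>[^/]*)/[^)]*\)\s+"
    r"(?P<url>\S+)\s+(?P<client>[^/\s]+)/"
)

# Constructed sample lines: ACL names, categories, hosts and addresses are made up.
SAMPLE_LOG = """\
2022-09-01 10:15:01 [4242] Request(staff/blk_BL_finance_banking/-) pay.example-gateway.test:443 192.168.1.20/192.168.1.20 - CONNECT REDIRECT
2022-09-01 10:15:02 [4242] Request(staff/blk_BL_finance_banking/-) https://pay.example-gateway.test/checkout 192.168.1.20/192.168.1.20 - GET REDIRECT
2022-09-01 10:16:40 [4242] Request(default/blk_BL_adv/-) http://ads.example.test/banner.js 192.168.1.31/192.168.1.31 - GET REDIRECT
2022-09-01 10:17:05 [4242] constructed non-request line
"""


def host_of(url):
    """Return the hostname for full URLs and for CONNECT-style host:port."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat host:port as a network location
    return (urlsplit(url).hostname or "").lower()


def summarize_blocks(log_text):
    """Count blocked requests per (acl, category, host)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a block record
        counts[(m["acl"], m["category"], host_of(m["url"]))] += 1
    return counts


if __name__ == "__main__":
    for (acl, category, host), n in summarize_blocks(SAMPLE_LOG).most_common():
        print(f"{n:4d}  acl={acl}  category={category}  host={host}")
```

A host that shows up under a finance-type category for the ACL that allows shopping points to enabling that category for the group; a host under an unrelated category is a candidate for a manual whitelist entry.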