PfSense/PfBlocker Preventing Website Functionality

Hello,

I’m running PfSense+ 21.05.2-Release, along w/ the PfBlocker 3.1.0 pkg on my Netgate 6100 controlling my home network. When I browse products on the website cotopaxi.com, the “Add to Cart” button is missing. This occurs on both Safari and Google Chrome browsers. To make it even more interesting, this only occurs when searching products in their “Del Dia” collection. Instead of the option to choose one’s style & add it to the cart, it gives an error msg about not being able to contact their servers.

I watched Tom’s video about setting up/using PfBlocker, and I’ve looked through the list on “Alerts” to see what I can whitelist, but I can’t tell what should be whitelisted from the list of blocked sites. Even after I researched the sites by clicking the “i” on the Alert list and going to some of the sites, I can’t find enough info about them to figure it out.

I’ve attached some pics of what I’m talking about. Two of the screenshots I took using my phone to access the webpage in question, to show an example of how the page should look as well as how it actually looks when I access the webpage on my home network. The final picture is a screenshot of the list of sites blocked when I refresh the webpage.

Am I looking at the right report on PfSense/PfBlocker to identify what I need to whitelist? If so, is there anyone out there that knows what might be the culprit here? What other info do I need in order to better troubleshoot this problem?

I appreciate any feedback anyone can provide.

Thank you very much for your time!

Matt

I just tested that site, I could add an item to my cart via firefox on my laptop. I’m running pfBlocker too. The difference between our builds will be the lists.

Have no idea how to identify what’s getting blocked, might also be your phone.

However, I have a vlan for guests which doesn’t use pfBlocker, if I have a situation like yours, I can just use the guest network.

Thank you for the prompt reply @neogrid. You’ve helped me before. Thank you.

By “different lists,” are you referring to those listed in the IPv4 section of Firewalls → pfBlockerNG → IP → IPv4? The screenshot here is what’s listed after clicking the edit icon.

Would I need to go down this list and change the “State” on each of them from “Auto” to “Off,” “Hold,” or “Flex” to find out which one is the culprit? I’m assuming yes, but just want to make sure.

Thank you again!

Matt

I’m not too sure how to troubleshoot pfBlocker; if something isn’t working on a page it could be anything. However, you could either disable the pfBlocker rules on the interface or take pfBlocker off the interface in Firewall > pfBlockerNG > IP > IP Interface/Rules Configuration; that will at least allow you to complete your action.

Try using Firefox and see if your problem persists; neogrid stated no problem. Otherwise try unblocking klaviyo.com; that may be your hang-up. Klaviyo is marketing automation software; see details: https://www.klaviyo.com/

Do you have the pfBlockerNG widget on your dashboard? Your first stop would be to look for/at the list which is incrementing up. Then you have to guess which site it is you need to get to and allow it. Don’t forget to run an update job! Good luck!
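The “look for the list that is incrementing, then allow only the sites the page needs” approach above can be done more systematically from a DNSBL alert export. The script below is an added example, not code from the thread or from pfBlockerNG: it reads a constructed, simplified CSV layout (timestamp, client IP, domain, group, feed) that is assumed for this example and is not the real dnsbl.log column order, filters to the alerts one client generated in the seconds after a page reload, ranks which group/feed they came from, and lists the exact domains each feed blocked so they can be whitelisted individually instead of turning the whole list off.

```python
"""Triage pfBlockerNG-style DNSBL alerts: which feed fires when one client reloads a page?

Added example, not part of the forum thread or of pfBlockerNG. The record layout
below is constructed for this example; the real dnsbl.log has more columns and
changes between versions, so adapt FIELDS/parse_alerts() to your export.
"""
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed, simplified record layout (constructed for this example).
FIELDS = ("timestamp", "client_ip", "domain", "group", "feed")
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample log: 192.168.1.50 reloads the shop page at 14:02:03;
# 192.168.1.77 is an unrelated client, and the 14:09 line is later browsing.
SAMPLE_LOG = """\
2022-01-10 13:58:11,192.168.1.77,ads.example.net,Ads_Group,Ads_Feed1
2022-01-10 14:02:03,192.168.1.50,shop-cdn.example.com,Malware_Group,Mal_Feed1
2022-01-10 14:02:03,192.168.1.50,static.marketing.example,Ads_Group,Ads_Feed1
2022-01-10 14:02:04,192.168.1.50,api.shop-cdn.example.com,Malware_Group,Mal_Feed1
2022-01-10 14:02:05,192.168.1.50,tracker.example.org,Ads_Group,Ads_Feed2
2022-01-10 14:09:40,192.168.1.50,news.example.com,Malware_Group,Mal_Feed2
"""


def parse_alerts(text):
    """Parse CSV alert lines into dicts; the timestamp becomes a datetime."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != len(FIELDS):
            continue  # skip blank or malformed lines rather than crash mid-log
        row = dict(zip(FIELDS, rec))
        row["timestamp"] = datetime.strptime(row["timestamp"], TS_FMT)
        rows.append(row)
    return rows


def alerts_near(rows, client_ip, reload_at, window_s=10):
    """Alerts from one client within window_s seconds after the reload at reload_at."""
    start = datetime.strptime(reload_at, TS_FMT)
    end = start + timedelta(seconds=window_s)
    return [r for r in rows
            if r["client_ip"] == client_ip and start <= r["timestamp"] <= end]


def rank_feeds(rows):
    """Which (group, feed) is 'incrementing': block counts, most frequent first."""
    return Counter((r["group"], r["feed"]) for r in rows).most_common()


def domains_by_feed(rows):
    """Domains each feed blocked, so only the ones the page needs get whitelisted."""
    out = defaultdict(set)
    for r in rows:
        out[r["feed"]].add(r["domain"])
    return {feed: sorted(doms) for feed, doms in out.items()}


if __name__ == "__main__":
    hits = alerts_near(parse_alerts(SAMPLE_LOG), "192.168.1.50", "2022-01-10 14:02:00")
    for (group, feed), n in rank_feeds(hits):
        print(f"{n:3d}  {group}/{feed}")
    for feed, doms in domains_by_feed(hits).items():
        print(f"{feed}: {', '.join(doms)}")
```

Run it against the constructed sample and Mal_Feed1 tops the ranking with two shop-related hostnames, which is the kind of output that tells you which single feed to suspect and which two domains to add to the DNSBL whitelist before disabling anything wholesale.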

I do something similar to what @neogrid does in that I have a filtered LAN and a less filtered guest network. If something doesn’t work on the LAN I switch over to guest temporarily (which is the default for most of my devices anyway; LAN is just phones and Rokus which can’t protect themselves very well). On computers I use the uBlock Origin browser extension which gets things the network filtering can’t.

I have found that you do really need to be careful of the lists you use because a lot of them will contain false positives. I use pfSense for my main router and DNS. In Firewall > pfBlockerNG > DNSBL > DNSBL Groups I have a custom list anchored at the top so I can block a repeat offender with no logging so it doesn’t fill up my logs. After that is just phishing army “normal” list and nothing else for DNS lists, although I do block some of the top bad TLDs according to Spamhaus. Nothing of use has ever been caught by this and I have a very low tolerance for false positives.

I’ve then complicated things by having a pihole for my LAN which is a different subnet and VLAN. The pihole uses dbl.oisd.nl and some regex filters then passes DNS queries up to pfSense. I like the pihole interface better for quickly unblocking sites, and regex support is good. The dbl.oisd.nl has a very low false positive rate here and really lives up to the set it and forget it idea.

For IP block lists I stick with a few known bad places which I shouldn’t have to block because service providers should be doing it. Nothing has ever been caught by an IP list on my router but in Firewall > pfBlockerNG > IP > IPv4 (I don’t use IPv6 on my network) I have cins army, dshield, ET compromised, spamhaus drop and edrop. I also have a custom allow and deny list for keeping the logs clean. I have spent a bunch of time playing with GeoIP blocking but find it mostly trouble. GeoIP is not as accurate as you think and some people think those over at Maxmind are watching where you go a little too closely (IPFire developed their own GeoIP system for this and other reasons). It gives you a good idea of what is going on with your network though and is fun to play with.

Too much time on my hands? Maybe.

Thank you @neogrid and @g-aitc, I’ll play around and see what I find. I did try unblocking klaviyo.com, but so far, no change.

And thank you @ext1580, I appreciate hearing about what you’ve done. It’s nice hearing about other setups and possibly being able to use them as well to make my setup work more effectively.

I had hoped this would be a “quick fix,” and a learning opportunity for me, but alas, this doesn’t appear to be that type of issue. Too many variables & not enough clues as to the cause. I did already purchase the product using my cell network, so let’s hope this issue doesn’t come up again. But I’ll keep working on it.

I really appreciate you all giving me your feedback. Thank you.

Have you tried a browser other than Chrome and Safari?

Thank you @g-aitc, I actually never got around to it because Safari would work when I used my phone on the cell network. I had made some other changes that didn’t seem to work at the time; however, when I tested it just now on Safari it seems to work! So, whatever it was, it’s “fixed” now.

It sucks not knowing what it was, but I’m hoping the problem is so niche, it’ll be extremely unlikely to interfere w/ things anymore.

We used to call it MES: Mysterious Electronic Shit.