When switching the ‘Malware’- list ON for my iPad, the app of the Washington Post crashes after startup. As this list is a ‘fixed’ eBlocker-list, i can’t see what it does.
Other lists in the ‘Pattern Malware Blocker’-section, such as Easylist ‘Annoyance’, ‘Fanboy Social’ and ‘Privacy’ do not interfere with the WP-app.
Rob
@Rob
what do you switch on: Domain our Pattern Blocker list?
You can make an exception on the Dashboard.
Otherwiese you can go in eblocker konfiguration to HTTPS and make an exception for your domain.
If you use Pattern Blocker you can make an recording to determine which connections your
App needs.
I hope this helps a little bit 🙂
regards
PIO
Thank you PIO, making an exception is a good idea although i then still have no clue what went wrong; i circumvent the problem. While eBlocker was ‘away’, i used AdGuard Pro on my iPad and there you can see what happens in the DNS-requests list. Handy.
Anyhow, thank you for your help. Rob
Hi (again) PIO,
To make exceptions, one has to know the URL which need to be excluded; both in the apps of the Washington Post and of The Guardian these addresses are not visible.
- Bythe way, as an answer to your initial question, i switched on ‘Malware in the ‘Pattern Malware Blocker’-section.
Hello Rob
If you use the pattern-blocker your smartphone our ipad has the certifikate?
If yes, you can go to the configuration --> hhtps --> recording
select the name of your device, start recording and then open the app.
in my opinion you must see the domains and addresses you need.
Give me a little time, today in the evening our tomorrow I will make a test.
regards
PIO
zHi PIO,
I included washingtonpost.com and guardian.com in the exceptions of the dashboard, but that didn’t help. It is probable that as soon as these apps try to get a picture or any other item from an external site, eBlocker prevents this and the app tells me ‘clever guy you are, aren’t you, then go and get the news somewhere else’ (or something similar 🙂
Look forward to the results of your test. Have a nice evening, Rob
@robfranssen-fr
Sounds like SSL pinning in the WP app. WP domains need to be defined as "Trusted App" in eBlocker for this to work.
You can also record the domains that fail to connect using eBlocker (in case you don't know the exact domains yet) and add them as App.
Please check the user manual & knowledge base - it should be all there...
Hello Rob,
I tested with iPhone 6.
Domain & Patternblocker Lists enabled
Details for device
Blocker --> automatic, Malware --> Standard, https --> off
WashingtonPost APP works
regards
PIO
Hi PIO and Random,
Did a recording test myself and found 15 url’s, disabled eBlocker for all of them and saved them as a trusted app. Wash Post app (digital version) still crashes.
In the General Forum i wrote an item about ‘Locomotive vs Cargo’. I have an engineering degree, wrote programs in Fortran for an IBM 360 in 1968 and should be able to get this thing working. Fact is, i don’t want to (anymore)
I thought eBlocker was meant as a device to protect all sorts of people, including parents, grandparents, children and anybody who dares using the internet and hates to be spied upon. I’m not a wiz-kid, a tech-savvy, or in any other way gifted as far as the internet is concerned and i assumed that would apply for the bulk of the peoples for which eBlocker was brought into existence. Looks as if that assumption was wrong...
But... thanks again for the assistance. Rob
Hi Pio (and Random),
Although i (nearly:-) gave up, i hate to admit defeat. So, i tried again.
iPad 5e generation, iOS 13.3.1, eBlocker ver 2.4.5, HTTPS Enabled for the iPad, Blocker-setting for device iPad: Automatic, ergo Pattern Blocking. To exclude self-introduced errors, i excluded (switched OFF) the blacklist/category, called AdGuard, which i setup for user ‘Gard’ (used to be called TestUser)
Wash Post App ver 4.0.0 (picture)
Found a lot of baddies for Wash Post and included them in the Trusted App Wash Post (picture). When i switch off the eBlocker in Settings/Devices/iPad, the Wash Post App works like a charm; as soon as i switch the eBlocker on in the same way, the App crashes.
So, there still was ‘something rotten in the State of Denmark’ and it took a lot of effort to find the rotten egg.
One by one, i deactivated all the blocking lists introduced for Pattern Ads, Trackers and Malware without any result.
I then had a closer look at the blacklist/category AdGuard mentioned before. It is a txt-file which i put on a server on the net and included in Settings/Parental Controls/WEB SITE BLACKLISTS as a domain list with its proper URL. There are some 100 domains in it.
As soon as i disabled this category for user Guard AND after rebooting my iPad, the Wash Post App worked fine again.
So now i started trying to find the villain/domain that caused the problem. After lots of trials and errors and many reboots, i replaced the blacklist with a new one with the same name but only ONE domain in it, google.com.
Now i got stuck with the situation (picture)
- if the blacklist is ON, google.com is blocked but the Wash Post App crashes
- when the blacklist is OFF, google.com is not blocked and the WashPost App works fine.
of course, changing from ON to OFF and vv includes rebooting the iPad.
Just to check, i tried the same for the category ‘Gambling’ (only) for user Guard and either ON or OFF, the Wash Post App doesn’t care and works fine.
Whats happening?
One more picture
One more picture
Hi @robfranssen-fr,
I tested the Washington Post app and found that it stopped crashing when I whitelisted the domain amazon-adsystem.com. I added it on the dashboard in the card "Tracker and Ad Blocker rules" below "But allow connections to".
I had SSL enabled but did not put any WP app specific domains on the SSL whitelist.
Best regards,
Boris
Hi Boris,
Did exactly as you suggested, but problem remains and IMHO is related to the use of the external list blacklist.txt. Whether i include the domain amazon-adsystem.com or not, the Wash Post App keeps crashing as long as the file blacklist.txt remains in the category ‘AdGuard’ in WEB SITE BLACKLISTS and applicable for user ‘Guard’. Even if i empty that file/list completely and make it 0 KB large, the same applies.
Switching OFF the category ‘AdGuard’ when user ‘Guard’ is using my iPad, makes the Wash Post App completely happy again and functions 100% OK.
Hi Boris,
Did exactly as you suggested, but problem remains and IMHO is related to the use of the external list blacklist.txt. Whether i include the domain amazon-adsystem.com or not, the Wash Post App keeps crashing as long as the file blacklist.txt remains in the category ‘AdGuard’ in WEB SITE BLACKLISTS and applicable for user ‘Guard’. Even if i empty that file/list completely and make it 0 KB large, the same applies.
Switching OFF the category ‘AdGuard’ when user ‘Guard’ is using my iPad, makes the Wash Post App completely happy again and functions 100% OK.
Still not solved, so i tried again.
Made ‘other’ User and gave ownership and use of my iPad to this user.
Made new categories in both WEB SITE BLACKLISTS and WEB SITE WHITELISTS
In both cases as a domain list with their URL’s (entering URL’s in Safari shows domains in respective lists)
Now, when editing ‘Define Access Restrictions’ for the new user, i can’t see my new blacklist-category (only the predefined ones), let alone my new whitelist-category. Under exceptions i only see fragFINN.
Am i forgetting some setting somewhere or am i plain dump?
Rob
Ok, got my blacklist.txt file linked to the new user again, but could somebody please explain how (and under which circumstances) i can do the same for the whitelist.txt file introduced in WEB SITE WHITELISTS?
Regards, Rob
Hi,
in my opinion that is not intended at all.
you can add trusted apps and domains.
The user can view individual websites in the dashboard black- our whitelists.
@robfranssen-fr @pio78
I guess Rob is referring to the whitelist section in parental controls. This is to whitelist individual domains that have been blacklisted in standard parental controls blocking lists.
So if you decide to block the pre defined category „social media“ but want to allow access to facebook.com - use the whitelist.
You are right Random, i’m struggling with parental controls.
But does what you say mean that this whitelist only excludes domains which are already included in the blacklist from the category included in WEB SITE BLACKLISTS?Or can i include any domain in this whitelist, independent of the domains listed in the blacklist?
And having said that, is this whitelist and/or category independent from users?
Regards, Rob
I should have made the explanations below before i replied to your comment, but there are 2 point against your comments.
1a. In Settings/Parental Controls/WEB SITE BLACKLISTS i made a Category based on a blacklist.txt-file with lots of domains, among others google.com and amazon.com
1b. In Settings/Parental Controls/WEB SITE WHITELISTS i made a Category based on a whitelist.txt-file with only the two domains google.com and amazon.com
1c. After applying the Category with the blacklist.txt-file to a user and giving ownership and use of my iPad to that user, visiting amazon.com is blocked by Parental Controls in spite of the fact that this domain is whitelisted in 1b. (the same applies for google.com)
2. After giving ownership and use of my iPad back to Parent/Eltern (Settings/Devices/DEVICE LIST/iPad/USERS) i went to Settings/Parental Controls/USERS/new user and tapped the button ‘EDIT’ right under the line “Access to web sites is not restricted”. The window “Define access restrictions” is then opened, showing the blacklist-Category i made earlier under 1a.
If i then tap the switch “No exceptions”, i only (!) see the Category ‘fragFINN’ under the allowed categories and NOT the whitelist-Category i made earlier under 1b.
Hope the concealed secrets of the eBlocker can be laid bare.
To 1) Whitelists only works against PRE-DEFINED eBlocker lists. Otherwise it wont make any sense. Why blacklist anything individually you whitelist afterwards? Simply don‘t put it on the blacklist.
To 2) Maybe a bug or user error?
I can see the logic behind your remark and most (!) probably you are right 😉
Another thing i found is, that if you link Parent/Eltern to that same blacklist.txt-file and let Parent/Eltern be the user of a device, you can’t Pause that device anymore.
Probably logic as well, but then the Parent/Eltern isn’t really a Parent/Eltern anymore...
@robfranssen-fr
If kids could pause the device there would be no protection.
As discussed earlier: Parental Controls are a work-around(!) to get your static google list working. eBlocker was never intended for this.
eBlocker is made to pull blocking lists from URLs (today). If you have the chance to upload your list to a publicly available web server - that would be the right way to go. Then simply add the URL to the blockers lists - and you get the pause button back 😉
Thank you for the tip Random and yes the blacklist.txt-file already is on a public server. But what if your blocklist.txt-file is a domain-list and the automatic blokker-setting of your device switches to Pattern-blocking (only) for that device?
I accept your comment about “a work-around(!)” and i probably should forget the whole idea. One advantage though: I get to know the eBlocker better 🙂
Regards, Rob
@rob franssen
I noticed that too but there are more factors in place:
HTTPS is a mess on allot of levels...
DNS over HTTPS (DoH)
DNS over TLS (DoT)
I see pattern files similar as to REGEX entries but with more features and a rule set. 😉
The DNS (Domain Filter ??? if it kicks in) But had to try something first. Since I can not see if DoH even works with eblocker as for Domain Verification I hooked up a second Raspi. to my setup.
Adguard Home with Unbound DNS Resolver to Root servers with DoH Cain Verification.
AND
Since that combo it truly blocks at the DNS Level plus the pattern filters of eBlocker on all devices that have HTTPS inspection active.
Why did I choose Adguard Home before Pi-hole?
Easy
I asked Pi-hole devs. for assistance once and I will never do that again! As for Adguard Home it shows you all query requests including A, AAAA, CNAME and more including ttl's.
Like this I can see what happens and the combo works fine.
Best regards
Eli.
Hi Eli,
can you tell me/us, which hardware you use with the Adguard Home solution?
best regards
Sven
Sry forgot to mention I use a Raspi. 4 with 4GB Ram.
Most current Adguard Home version and looped the uplink to Unbound 127.0.0.1:5353 and tcp://127.0.0.1:5353
Sincerely
Eli.
WTF 🙂
Thanks alot for this cool add-on.
Pihole is lightyears away from this tool.
I replaced in around 20 minutes and it works like a charm.
And yes, you can see a lot of more information and the addition of filterlists is done in seconds, without knowing what kind of list is behind the link.
regards
Sven