[Solved] Not working for some sites?

31 Posts
7 Users
5 Reactions
812 Views
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

Hi

I don’t know if this is an issue for 2.5.4 beta or if it was present before. Or if I misunderstand a few things.

I have eblocker 2.5.4. On my white cube up an running. When I now surf the web, I wonder why I see the orange eblocker icon on some websites, but not on all. For example I don’t see it on www.sueddeutsche.de. I see it on Xing, but not on LinkedIn. Why is this so?

Thanks

Keep up the good work. 2.5.4 so far runs stable and my VPN finally works again.


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
 

Hi Gregor,

same for me. 

This drives me nuts, together with the fact that eBlocker does not block all ads, in https mode.

Some more sites without blocker icon:

https://www.inside-digital.de

https://www.apple.com/de/

https://www.mactechnews.de

https://www.ifun.de

https://www.macwelt.de

https://www.amazon.de

https://www.ip-phone-forum.de

https://www.head-fi.org

https://www.welt.de

https://www.bunte.de

https://forum.watchlounge.com

https://uhrforum.de

https://www.testberichte.de

https://www.apfeltalk.de/magazin/

Just a few examples there are a lot more....

I think there is a conflict with navigation items on that sites.

Maybe the developers could check if a placement on the bottom of website is a solution.

 


   
ReplyQuote
(@pio78)
Member
Joined: 6 Jahren ago
Posts: 329
 

@ulmisch

I looked to some of these sites:

bunte.de

welt.de

apfeltalk.de

I become the eBlocker Icon 🙂 

For Amazon I had the exceptionlist aktivated for Amazon, so I became no

eBlocker Icon. Do you have some own exceptionlists aktivated?

 

regards

PIO78

 


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
 

Hi Pio78,

thanks for checking.

I have no excception list for these sites, except amazon (like you).

Also I have cross-checked with my personalized eblocker configuration and with a fresh install without any customization.

If it helps: I am using a Mac with Safari and Firefox. 

cu


   
ReplyQuote
(@pio78)
Member
Joined: 6 Jahren ago
Posts: 329
 

@ulmisch

do you have IP V6 in your network?

Can you disable IP V6 for testing on your MAC?

 

hint: I have no IP V6 inside my home network 🤨 

regards

PIO78

 


   
Random reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2082
 
Posted by: @ulmisch

that eBlocker does not block all ads, in https mode.

Please double check

  • Is the device configured to show the icon?
  • Is https switched on for the device?
  • Is the certificated added correctly to the bowser / OS and granted root/issuer rights on OS level? (My gut feeling is this is the source of trouble)

Are all devices showing the sites listed incorrectly?

If yes, generate a new eBlocker certificate and install cert to client (browser and OS) again and repeat test.


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
 

@pio78

IPV6 is disabled for my internal network.

It is the same on all devices, even Windows pc with chrome or firefox.

As far as i have tested with multiple installations, always with a newly created certificate, because of my Apple devices, i don‘t think this is the problem.

cu

 


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
 

@random all checked.

As i wrote:

Also I have cross-checked with my personalized eblocker configuration and with a fresh install without any customization.

cu


   
ReplyQuote
(@mainzelm)
Member
Joined: 5 Jahren ago
Posts: 123
 

I just checked a couple of the mentioned sites and all of them seem to support IPv6 (for some of them, adding www. was necessary). So if the icon appears for some sites and for others not, this seems like a good explanation.

I used https://www.ipv6-test.com/validate.php to check this. Can you confirm that the sites showing the icon do not support IPv6?

Best regards 

Martin


   
Random reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2082
 

@ulmisch I’ve checked the sites you’ve mentioned. All work just fine on eOS 2.5.4 (on Raspi) and eBlocker icon is shown. So it must be some configuration issue, I guess. 

Do you have any client that shows the correct behavior? 

Also check the software section in the compatibility list.

If the issue appears just on https sites, it is very probably related to the eBlocker certificate. If you tripple checked the root privileges (I‘m serious), Im not on macOS but on iOS it’s pretty hidden. 

If that’s OK, it is most likely some other tool/software sitting in your net and intercepting your https traffic (mostly for the good).

Do you have anti-virus/firewall/security software running?

 


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@ulmisch I have not been that thorough, just noticed. And I have to admit, that an eblocker which does not work for various sites is sort of useless. On the other hand, this is beta and I cannot recall having this problem last time I used it properly. 

It cannot cannot cannot block all ads and tracks. As usual with all this, as with virus protection, you are running behind the problem. New technologies are developed daily to track us. And we have all different threat-profiles. E.g. I block all connections to anything which appears close to be FB, Google, Twitter etc.(using AdGuard on my mobile devices). And much much more. I am sure there are users who would still want to use google search or twitter but not FB or so. So I think it is difficult for eblocker. And they have to rely on third party filters. And there are lots, you cant check them manually. So I do not give up hope. In fact, if we could support them more, they may have more options to improve. I am not a dev and not a kernel dev, so I cant help technically. 

For me, VPN is much more important. I can stop tracking with local apps such as Little Snitch, AdGuard, Lockdown etc. Certainly it would be better to have all in one, as on eblocker. But this is a hobby. So let’s help them to get it done, for us. 


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@pio78 Good point, maybe I do have this list. I have used eblocker in early 2019 the last time.

So I will check. ‘Thanks for the hing.


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@random thanks. I think I have done so, but I will check tomorrow.


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2082
 
Posted by: @gregor

this is beta

That‘s right. But the „no icon issue“ is well known config issue on the client‘s site - and I‘m 99.99% sure it‘s not a general „beta bug“ as it works fine for all others (and me too).

I feel here things are a bit „chaotic“ as two people who might have different issues are getting mixed up by several people trying to help. At least I‘ve lost track.

What I suggest is to „standardize“ the process and use ONE client only at first.

  1. Switch off ipv6 on client in question
  2. Generate a NEW certificate on 2.5.x (do not use 2019 cert!)
  3. Install new eBlocker cert and double check rights (this is the most common mistake)
  4. Check icon on http. Result? No icon? Is device enabled in devices list?
  5. Check icon on https. Result?
  6. if 5 is „no icon“. Make sure https for client device (not just generally) is enabled, the blocker is „pattern“ or „automatic“ and „show icon“ is enabled.
  7. Still „no show“ after 6? Then check certificate chain of https connection. ie make a screenshot of certificate issuer of https connection in question and post here.
  8. Have you disabled all security/av/firewall by chance? After disabling go back to 5. 

I kindly ask each of you having the „icon issues“ to go step by step and post result (together with clientOS and browser used) here.

I‘m sure you‘ve read this FIRST...

THX!


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
 

@random good morning Random.

Thanks for your support and patience.

I wanted to try a new installation following all your tips and hints.

Unfortunately I am not able to activate eblocker. The activation server is not reachable.

Do you have troubles on your side?

thx 


   
ReplyQuote
(@pio78)
Member
Joined: 6 Jahren ago
Posts: 329
 

@ulmisch

Good morning,

have your eBlocker full access to the internet?

 

regards

PIO78

 


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@random I completely agree to have a streamlined process to find out what is going on.

macOS Catalina current version, Safari

Blocker connected to a fritzbox 6591

Articles mentioned read and hopefully understood

Blocker shows on this page here the orange power button, so seems to be ok.

  1. Switch off ipv6 on client in question
    1. Not so easy. macOS only allows me to say automatic, manual or link-local. Manual seems to allow me to set my IPv6 address but does not say: disable, so I chose Link Local. Had to go to the terminal and enter:networksetup -setv6off Wi-Fi
    2. This disables it also In the gui of macOS. Again what learnt 🙂
  2. Generate a NEW certificate on 2.5.x (do not use 2019 cert!)
    1. Created new certificate and imported it to the Keyadmin app. Surfing works.
  3. Install new eBlocker cert and double check rights (this is the most common mistake)
    1. SSL set to trust, all others left as is.
  4. Check icon on http. Result? No icon? Is device enabled in devices list?
    1. some sites don't offer http, they all forward to https. But it appears that the sites which I can access using http don't show the icon.
    2. www.kay-schulz.de no icon, www.swisscoach.de icon.
    3. rki.de no icon
  5. Check icon on https. Result?
    1. Icon on eblocker website, on duckduckgo, osxdaily, on Xing, sueddeutsche, Zeit, the intercept, eBay
    2. not on Amazon, not on wikipedia, LinkedIn, spiegel
  6. if 5 is „no icon“. Make sure https for client device (not just generally) is enabled, the blocker is „pattern“ or „automatic“ and „show icon“ is enabled.
    1. eblocker is enabled.
    2. https is enabled including error analysis
    3. blocker pattern is set to automatic
    4. amazon is considered trustworthy 🙁
    5. spiegel as well. OK, it seems I found my problem. Couldn't recall that I actually allowed them to track me. LinkedIn though does not show an icon in any case. Maybe a caching issue?
  7. Still „no show“ after 6? Then check certificate chain of https connection. ie make a screenshot of certificate issuer of https connection in question and post here.
  8. Have you disabled all security/av/firewall by chance? After disabling go back to 5. 
    1. Nope. 

I kindly ask each of you having the „icon issues“ to go step by step and post result (together with clientOS and browser used) here.

I‘m sure you‘ve read this FIRST...

THANKS


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

To summarize for me: It works on https but not on http. Mostly.

Eg. it does not seem to work on https://www.paypal.com/

I checked and it is not enabled in the settings for trustworthy apps.

I works with IPV6 disabled. With automatic it works on some https sites and not on others.

 


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
 

@pio78 

Hi Pio78,

of course it has full internet access, e.g.it is possible to add blocklists.

I have done the setup process with eblocker many times on different raspberry devices.

Even yesterday it worked as usual.

Today there is no connection to your server(s)...


   
ReplyQuote
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 531
 

@ulmisch

Try to disable and reenable DNS Firewall Option.

@Gregor

Disable additional plugins in Safari like adblocker and tracker blocker, as they can work around the eblocker.

I have this issue in Opera. when there is the internal blocking functions activated, not all sites are working correctly.

regards

Sven


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2082
 

@ulmisch Has https ever worked in your environment? Have you disabled av/firewall etc? I guess either the eBlocker cert has not the correct root/issuer rights or something else is intercepting your ssl traffic. Please share screenshot of the certificate issuer: go to a https site. Click the „lock“ that indicates https in browser. There you can usually find a button „show certificate“ or such. When taking the screenshot, make sure the cert issuer is shown. THX!

@gregor Do I get you right that even on http you don‘t get the logo? (Then it‘s for sure a different issue than @ulmisch has.) If so, let‘s check the route from your device to the Internet. On Win open command shell (type „cmd“ in the search bar). On the shell type „tracert 1.1.1.1“. Post results here. (for other OS please check the Internet how to do a traceroute from your device, I‘m on Win only). THX!


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@calimero I use Firefox with some Add ones such as ublock origin or AdGuard. I also use AdGuard on my iOS devices. The point for me is I really like lockdown and AdGuard, because they allow me more interference and configuration that eblocker. ONe question:

Could I use eblocker as a VPN only and do the tracking with my local device? So disabling the tracking part and keeping the VPN `? Not my preferred option though.


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@random will do tomorrow. Have done a traceroute before most people knew computers do exist 🙂

 


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@random OK, it seems the http part had to do with add-ons on mozilla or caches or who knows what. I tried three http sites (no security) and I get the logo. 

so it seems that is ok.

traceroute to 1.1.1.1 with the VPN on eblocker enabled gives me:

traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 8.729 ms 2.479 ms 1.933 ms
2 eblocker.box (192.168.178.33) 5.220 ms 3.519 ms 3.477 ms
3 10.16.0.1 (10.16.0.1) 51.361 ms 49.662 ms 48.865 ms
4 * * *
5 vlan120.as04.cph1.dk.m247.com (95.174.65.1) 58.311 ms 52.516 ms 49.745 ms
6 vlan2915.as04.cph1.dk.m247.com (83.97.21.166) 89.960 ms 68.568 ms 71.039 ms
7 xe-2-2-0-0.bb1.cph1.dk.m247.com (83.97.21.232) 48.502 ms
xe-2-3-0-0.bb1.cph1.dk.m247.com (83.97.21.77) 56.687 ms
xe-2-2-0-0.bb1.cph1.dk.m247.com (83.97.21.232) 48.922 ms
8 213.242.108.77 (213.242.108.77) 57.236 ms 49.733 ms 55.417 ms
9 ae-1-11.bar1.copenhagen1.level3.net (4.69.210.210) 58.459 ms 47.147 ms 50.570 ms
10 ae-1-11.bar1.copenhagen1.level3.net (4.69.210.210) 49.782 ms 56.015 ms 51.431 ms
11 213.242.108.206 (213.242.108.206) 50.803 ms 56.591 ms 88.115 ms
12 one.one.one.one (1.1.1.1) 51.524 ms 51.072 ms 60.330 ms

 

This case seems to be closed except you tell me it is not.

Though testing a bit more thoroughly I wonder about the following:

Safari, no add-ons or so, so no adguard, ublock origin or such. 

https://www.rki.de no orange power button

in the trustworthy urls rki is not mentioned.

And I wonder about the little amount of trackers on other sides such as eBay, hrs, nyt,  . Other tools, such as unlock origin, pivacy badger of off and others (on Firefox without eBlocker in the middle) indicate more trackers. Can that be?

@random I really appreciate your support. I know I am sometimes a pain in the b***


   
Benne reacted
ReplyQuote
(@mainzelm)
Member
Joined: 5 Jahren ago
Posts: 123
 
Posted by: @gregor

Safari, no add-ons or so, so no adguard, ublock origin or such. 

https://www.rki.de no orange power button

in the trustworthy urls rki is not mentioned.

https://www.rki.de is not working for me either. The reason can be found in the browser console: "Refused to load because it does not appear in the img-src directive of the Content Security Policy.". So the site has a specific setting that prevents the loading of the icon, independent of your setup. I think displaying the icon on such sites as well should be possible but requires some work.

Best regards

Martin


   
Benne reacted
ReplyQuote
(@benne)
Famed Member Admin
Joined: 6 Jahren ago
Posts: 1099
 
Posted by: @gregor

Could I use eblocker as a VPN only and do the tracking with my local device? So disabling the tracking part and keeping the VPN `? Not my preferred option though.

@gregor Sure, you can disable tracker and ad blocking (under settings>blocker disable all/unwanted lists) and just use eBlocker as a VPN/TOR gateway. But then you'll also miss tracker blocking in Apps or lower level OS communication. I feel you are rather giving up control - but I don't know your other protection tools neither.

What's the feature or control you are missing in eBlocker? Just write it down like a "use case" - "I want to do xyz to achieve abc" and we can work on improving eBlocker in future. Best spot to post is the "Feature Request" forum...

Thanks much.


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@mainzelm what does this mean? It does not show the icon but blocks still? Or it does not block the trackers from there? And how can sites avoid this and how many sites are there? I am confused. And I believe the Rki doesn’t do this for eblocker, it must mean something to others as well.


   
ReplyQuote
(@gregor)
Trusted Member
Joined: 5 Jahren ago
Posts: 44
Topic starter  

@benne thanks. Why would I miss this tracker blocking in apps? AdGuard and Lockdown e.g. install a VPN and hence block all traffic out of the phone. SO far I used ProtonVPN and AdGuard or little snitch. But to run both in parallel (ad and proton) on the phone causes sometimes a complete block of all network traffic. And when I am at home I would want to have a VPN so all my devices are protected. When I switch on the phone with VPN it makes a network connect before the vpn is active, hence I show my IP. When I have a 24/7 VPN server i am always protected.

Use cases: Do you want it formally as in UML or is Prosa sufficient? 

I try Prosa first before I do it formally.

When I use an app or surf the web, I would like to see, which servers in the internet are contacted to receive information. E.g. if I go to focus.de in the web, the log should show focus.de but then also all the domains, servers, etc, it contacts. E.g. graph.facebook.com, demdex, xxx.doubleclick.google.kingkong.net, google-analytics.com, google-tagmanager.com etc. I would then be able to choose the entry and say I want to allow it (whitelisting) or I want to block it and then on which domain level. Meaning: google.com, or tagmanager.google.com or xxx.tagmanager.google.com. This way I can allow go to mail.google.com but all others are blocked. The functionally of Little Snitch on MacOS is the example I would like.

In little Snitch you can also choose which application is allowed.

So in little snitch you start word and a window opens and asks: Allow this app to connect to this server on this port. Then I can say: Once, for this sessions, forever. This app or all Apps.

So I could go to adobe.com port 80 with the Webbrowser but block adobe.com port 80 for Rapidweaver. Or allow port 443 but not 80. And so on. 

 

is this sufficient? Since eblocker is its own device I believe it is difficult to block traffic until someone clicked ok. It would mean some App of eblocker on my device, which I believe Apple would not allow. So for me it would be fine, if I could jump every evening to eblocker, see all apps, all urls, all ports and then decide which I would want to be blocked in the future or which I would want to whitelist. Or view what eblocker does when I install a new app and then immediately block the connection. Yes, the first connect would go through but nothing later. AdGuard is on iPhone is a good example how this works. This way, my list grows and I can block what I want to be blocked. I am very very restrictive what I allow. I do it in Little Snitch and Adgurad Pro. And I do much more than what AdGuard Pro e.g. offers. Although they do a really good job, I believe.

 


   
ReplyQuote
(@mainzelm)
Member
Joined: 5 Jahren ago
Posts: 123
 
Posted by: @gregor

@mainzelm what does this mean? It does not show the icon but blocks still? Or it does not block the trackers from there? And how can sites avoid this and how many sites are there? I am confused. And I believe the Rki doesn’t do this for eblocker, it must mean something to others as well.

The browser does not show the eBlocker icon because of a specific security feature enabled by that site. But apart from the missing icon, eBlocker still works for this site and the blocking of trackers is not affected at all. It's just that the eBlocker icon cannot be loaded.

I don't know how many other sites are affected, but, no, they don't do this for eBlocker, they do it for security (see https://content-security-policy.com to learn more about the details).

Best regards,

Martin

 


   
Random reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2082
 

@gregor In addition to what @mainzelM said, the icon might not be show depending on individual site layout. So depending how html/css is build for the site, the icon might be overlayed by other site layout elements - and not be visible

To make this clear: The absence of the icon is NOT an indicator that eBlocker is not working. eBlocker works on network level in the back end. The icon is just some GUI component for the front end that might break for reasons discussed - but the core eBlocker component is working just fine and not affected at all...


   
ReplyQuote
(@benne)
Famed Member Admin
Joined: 6 Jahren ago
Posts: 1099
 
Posted by: @random

@ulmisch Has https ever worked in your environment? Have you disabled av/firewall etc? I guess either the eBlocker cert has not the correct root/issuer rights or something else is intercepting your ssl traffic. Please share screenshot of the certificate issuer: go to a https site. Click the „lock“ that indicates https in browser. There you can usually find a button „show certificate“ or such. When taking the screenshot, make sure the cert issuer is shown.

@ulmisch I believe these questions never got answered. Did you fix the issue meanwhile? Otherwise I‘m sure we get it fixed together. The certificate issuer of a „non working site“ would be helpful, I agree.

Thanks much!


   
ReplyQuote

Nach oben scrollen