I have on one of my computers a (bash-)script that does some internet access via wget (or curl or similar). When running this script, I have to manually hit the eblocker pause button. It would be nice if this script could set/unset pause, for example via a URL (for example, something like: "wget http://my-eblocker/paus e"). Perhaps this is already possible, but I cannot find it in the docs. If it's not, it would be a nice addition
@pe1aqp I'm always after understanding the cause before handing out a solution.
To understand, I have some questions:
- I assume eBlocker HTTPS is activated for the wget device, right?
- If so, have you tried to disable eBlocker HTTPS support for the particular device (via Settings>Devices><select device> then (tab) HTTPS?
- If eBlocker HTTPS is the cause, then you can simply define a Trusted App if the domains you are contacting are known in advance/fixed. This whitelists the domains so eBlocker HTTPS is not used for the named domains.
- If the domains are unknown, what are you trying to achieve with eBlocker HTTPS / what are your expectations in terms of protection? (Background: eBlocker HTTPS protection makes most sense if the domains you are contacting are using First Party Fingerprinting. If not, there is no gain.)
- If so, have you tried to disable eBlocker HTTPS support for the particular device (via Settings>Devices><select device> then (tab) HTTPS?
- If eBlocker HTTPS is not enabled for the wget device than please share the error you are getting.
Generally speaking, I fear to "remote pause" is not the best solution for your individual issue. My boss always says "who only knows the hammer, tries to turn every problem into a nail" 😉
So let's try to understand the problem first and then we find the right tool to solve it.
Last: I've moved your question from Feature Request to the general discussion board, as we would probably not implement such a feature. Background: A "pause" URL could be called by any JS - so a website could use this to disable eBlocker to circumvent it's tracking protection. Maybe not a good idea 😉
THX!
@random Thanks for your reply.
Your boss is right about hammers and nails, HTTP(S) is the hammer of our days (I've been guilty of that myself). However, I would happily use a screwdriver (tell me: pozidrive? torx?).
Another scriptable variant of this idea would be to use SSH into the eblocker device and set or unset some flag. However, I understand that SSH into eblockers is not foreseen (but, again, perhaps I misread the docs.)
The device on which I want to run this script is indeed covered by eblocker HTTPS protection. Disabling that will indeed solve the problem in my script, but, please, what is that for advice? I also run normal webbrowsers on that computer; in fact I currently use a browser on that device to start/stop an eblocker pause.
I don't want to say that the domains I want too access are fixed or known beforehand, although in practice it wil be a very small list.
My expectation of HTTPS protection? That it protects my browser, when I run it. It is not helpful when I run my script, which is why I want to pause it when the script runs.
"Remote pause" is perhaps not the best solution, it certainly is a workable solution. It the solution I currently use, by starting and stopping the pause by hand in a web-browser. But that implies that I cannot run my script as, for example, a cron job.
Moving this discussion into a different board is fine with me, the implied denial is not. Of course, JS is currently already used to start a pause (I suppose, I could run an headless web-browser and execute the start/stop pause in that process, but that sounds like more work than I want to do.)
In the hope you can suggest me the right tool,
Best Regards.
Thanks for your comprehensive answer 👍
To get this straight: If you disable eBlocker HTTPS (for the device) the device is still protected by the Domain Blocker. So all known 3rd party tracker, ads etc. are still blocked that are using a different domain than the one you are contacting. For instance, you are contacting "gooddomain.com" where the HTML requests "googleanalytics.com" - then Google Analytics is still blocked (as it has it's own domain).
HTTPS gives you extra protection if the website uses First Party Tracking like gooddomain.com/badtracker.php. Then only this bad URL gets blocked while the domain is still accessible normally.
Also if your curl does not executing the HTML/JS on the target URL - not loading any third party domains - you are fine anyhow.
Now, I see two solutions:
- Best solution would be to add eBlockers certificate to the root certificates used by your curl script. Usually this can be done by adding the eBlocker certificate to the OS certificate storage (not just the browser). Unfortunately I'm not a Linux geek and can't help more in detail. On macOS/Windows it's rather simple.
- If you can't get 1. to work and the list of domains your curl is contacting is limited/countable, I would simply add the contacted domains as a Trusted App (Settings>HTTPS>(Tab) Trusted Apps). It's not a big deal and also a great solution. BTW: In case you are contacting subdomains, ie. sub.domain.com, you can simply add domain.com and all subdomains get HTTPS-whitelisted.
Last: Yes, the ControlBar uses JS as well but we use a clever CSP and some more tricks to avoid that the same call to the eBlocker API can be used by a regular website/someone else. I highly doubt we would weaken this security measure as there are better solutions (see above).
Hope this helps.
Great idea @benne to just add eBlocker's root cert to the OS SSL CA storage. That's the easiest and most elegant method. Thanks a lot for reminding me/us!
@pe1aqp See here how to add eBlocker's CA certificate to OpenSSL (probably used by your scripts): https://curl.se/docs/sslcerts.html
THX!