PiPass / blockpage

A temporary unblock solution and blockpage for your Pi-Hole system
BSD 3-Clause "New" or "Revised" License

Blocked Pages not redirecting to blockpage #16

Closed EvanGrote closed 5 years ago

EvanGrote commented 5 years ago

I'm currently running pihole on nginx and I'm able to see the blockpage when I navigate to http:///blockpage , but I'm not being redirected to the blockpage when I attempt to view a blocked URL.

I installed PiPass to web root /var/www/html/. config.txt default.txt

roenw commented 5 years ago

Please post the output of cat /var/www/html/index.php

roenw commented 5 years ago

I was able to replicate Ian's issue by disabling SSL on my NGINX installation. Could you try creating a self-signed certificate and adding that to your lighttpd configuration?

An SSL certificate is required since most websites use HSTS nowadays. Your computer will refuse the connection from the PiPass if it's unable to supply an SSL certificate. It does not require the certificate to be valid, but it will display a "Connection not private" warning for self-signed certificates.

JoeSchubert commented 5 years ago

This also happens with lighttpd if ssl is not enabled. I'll work on updating the readme.

Side Thought: It might be better though rather than cramming too much into the readme directly, if we could make some wiki pages and just link to those. This would result in less committing to the readme and the wiki pages could just be updated. It might also make the readme easier to follow.

roenw commented 5 years ago

That’s a great idea - we don’t want to make the Readme too long.


plankobostjan commented 5 years ago

I don't know if this relates to you @EvanGrote, but...

I had the same problem as you. I installed PiPass to webroot, set up SSL certificate... But when visiting any blocked page all I got was the standard "Problem loading page" from the browser.

After some research, I found out that the problem was not in PiPass but rather in the way my PiHole was configured. PiHole was set to NULL blocking mode which means that blocked queries are answered with the unspecified address. As a result you get "Problem loading page" from the browser.

The solution was to set the PiHole blocking mode to IP-NODATA-AAAA. Using that mode, PiHole redirects the page correctly (PiPass blockpage shows up).

For more info on PiHole blocking modes see: Blocking mode
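
The blocking-mode difference described in the comment above can be checked from the DNS answers themselves. This is an added example, not part of the thread and not PiPass or Pi-hole code; the function names and sample addresses are constructed, and the classification is a heuristic based on the answer shapes the Pi-hole blocking mode documentation describes.

```shell
#!/bin/sh
# Added example, not PiPass or Pi-hole code. Function names and the sample
# addresses are constructed for illustration.

# Return the last address line of `dig +short` output, skipping CNAME targets.
last_address() {
    printf '%s\n' "$1" |
        awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || /:/ { a = $0 } END { print a }'
}

# classify_block_answer PIHOLE_IPV4 A_OUTPUT AAAA_OUTPUT
# Heuristic: names the blocking mode that matches the answers for a blocked name.
classify_block_answer() {
    pihole_ip=$1
    a=$(last_address "$2")
    aaaa=$(last_address "$3")
    case "$a" in
        0.0.0.0) echo "NULL" ;;
        "$pihole_ip")
            if [ -n "$aaaa" ]; then echo "IP"; else echo "IP-NODATA-AAAA"; fi ;;
        "") echo "NXDOMAIN-or-NODATA" ;;
        *) echo "NOT-BLOCKED" ;;
    esac
}

# Succeeds only when the answer points the browser at the Pi-hole web server.
blockpage_reachable() {
    case "$(classify_block_answer "$@")" in
        IP|IP-NODATA-AAAA) return 0 ;;
        *) return 1 ;;
    esac
}

PIHOLE_IP=192.168.2.11   # constructed sample address
# On a live system the two answer arguments would come from, e.g.:
#   dig +short A    blocked.example @"$PIHOLE_IP"
#   dig +short AAAA blocked.example @"$PIHOLE_IP"
for answers in "0.0.0.0|::" "192.168.2.11|" "192.168.2.11|fd00::11"; do
    mode=$(classify_block_answer "$PIHOLE_IP" "${answers%%|*}" "${answers#*|}")
    if blockpage_reachable "$PIHOLE_IP" "${answers%%|*}" "${answers#*|}"; then
        echo "$mode: blockpage reachable"
    else
        echo "$mode: browser shows its own error page"
    fi
done
```

An empty A answer cannot distinguish NXDOMAIN from NODATA in `dig +short` output, so the example reports them together.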

JoeSchubert commented 5 years ago

So it looks like maybe we should be using

BLOCKINGMODE=IP-NODATA-AAAA

Instead of

BLOCKINGMODE=IP

?

plankobostjan commented 5 years ago

@yoinx If you are asking in terms of PiPass, no. Both IP and IP-NODATA-AAAA work just fine.

However, in terms of PiHole, the IP-NODATA-AAAA blocking mode seems a better choice according to the blocking mode documentation.

EvanGrote commented 5 years ago

Sorry for the delayed response, it has been a busy week.

Following the feedback above, I installed a self-signed SSL certificate and https is now (insecurely) working for me on my nginx server. I also updated my blocking mode from IP to IP-NODATA-AAAA. Unfortunately, I'm still not seeing the PiPass blockpage, just the generic pihole landing page (the page rendered if you attempt to view something other than <pihole_ip>/admin/ or blockpage).

Here is the output of cat /var/www/html/index.php:

<?php
require('config.php');

$url =  "{$_SERVER['HTTP_HOST']}";
$bpLocal = $conf['blockpage_url'];

echo <<<EOL
<form action="$bpLocal" method="get" id="urlpass">
    <input type="hidden" name="url" value="$url">
</form>
<script>
document.getElementById('urlpass').submit();
</script>
EOL;

roenw commented 5 years ago

@EvanGrote There is no ?> at the end of the file?

Aside from that, perhaps you forgot to add error_page 404 =200 http://$host; to the location / { directive in your nginx configuration file?

EvanGrote commented 5 years ago

My bad, the ?> is there, I just missed copying it.

Here is my /etc/nginx/sites-available/default file:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        root /var/www/html;
        server_name _;
        autoindex off;

        ssl_certificate /etc/ssl/certs/localhost.crt;
        ssl_certificate_key /etc/ssl/private/localhost.key;

        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

        index pihole/index.php index.php index.html index.htm;

        location / {
                #expires max;
                try_files $uri $uri/ =404;
                error_page 404 =200 http://$host;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                fastcgi_param FQDN true;
                #auth_basic "Restricted"; #For Basic Auth
                #auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
        }

        location /*.js {
                index pihole/index.js;
                #auth_basic "Restricted"; #For Basic Auth
                #auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
        }

        location /admin {
                root /var/www/html;
                index index.php index.html index.htm;
                #auth_basic "Restricted"; #For Basic Auth
                #auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
        }

        location ~ /\.ht {
                deny all;
        }
}

roenw commented 5 years ago

@EvanGrote does the blockpage show up if you visit a blocked site without a path? E.g. try to visit:

ads.google.com, NOT ads.google.com/home/

EvanGrote commented 5 years ago

ads.google.com takes me to the pihole 404 page, ads.google.com/home/ appears to be attempting to take me to the PiPass page, but I'm getting an ERR_CERT_AUTHORITY_INVALID because of my self-signed certificate. Currently trying on my phone and it's not giving an option to ignore it and proceed.

roenw commented 5 years ago

Try removing pihole/index.php from the index directive in your NGINX configuration file?

EvanGrote commented 5 years ago

I removed pihole/index.php from the index directive and now ads.google.com takes me to the PiPass page and ads.google.com/home/ has the same ERR_CERT_AUTHORITY_INVALID

roenw commented 5 years ago

This is expected behavior. Unless you have a FQDN and a signed Let's Encrypt (or other valid, signed SSL certificate) linked to your Pi-Hole that you can use, you will receive the ERR_CERT_AUTHORITY_INVALID error.

roenw commented 5 years ago

Assumed solved. Respond if you need further assistance.