search

divestedcg / dnsrm

A list of domains you probably don't want blocked
22 stars 5 forks source link

apigee subdomain ? #2

Open aleks-mariusz opened 11 months ago

aleks-mariusz commented 11 months ago

i'm using divblock on DivestedWRT.. it seems that when you block a whole domain (in my example, apigee.net), putting a sub-domain (my health provider has a subdomain under it and one of the intermediate requests while logging in is blocked) does not work for throwing it into /etc/config/divblock-exclusions to make an exception.. any advice?

the hostname in question is bupa-prod.apigee.net.. any advice? should i create a PR? which file would i add it to?

SkewedZeppelin commented 11 months ago

So apigee isn't explicitly wildcarded out, but still would be treated that way by uBlock Origin and dnsmasq. So adding it here without removing the top-level domain won't help.

You can add them to the exclusions file: /etc/config/divblock-exclusions

/apigee\.net/

and /etc/init.d/divblock restart

aleks-mariusz commented 11 months ago

thanks, that worked to get the site unblocked.. and i'm able to proceed with what i was trying to do.

but two things before we wrap up the issue please, if you could advise on:

  1. this means i effectively whitelisted EVERYTHING under apigee.net, which was a bit of a heavy hammer to unwhite list just that one address.. is there a more strategic/surgical solution ? I don't know anything apigee but i trust you had a reason to block them otherwise ?

  2. when i do a restart of divblock, i see a bunch of udhcpc: no lease, failing several times for one restart.. maybe not cause for concern, but curious if you can help shed light what causes these, as it seems you're quite knowledgeable about the internals here :-) found an answer myself here

SkewedZeppelin commented 11 months ago

this means i effectively whitelisted EVERYTHING

Indeed. I recommend keeping DNS blocking, like divblock, more as a baseline/fallback and doing more fine grained blocking via uBlock Origin.

you had a reason to block them otherwise

apigee is/was an analytics/marketing company, but they've pivoted a bit into having other useful "business tools" after Google bought them. I'm still undecided how to handle services like them: blocking them can break legitimate sites, but not blocking them allows profiling on others.