search

slyfox1186 / pihole-regex

Custom RegEx, Exact, and Adlist filters for Pi-hole's FTLDNS
MIT License
65 stars 10 forks source link

Blacklist domain pass through as Whitelist #11

Closed WoefulWrecker closed 10 months ago

WoefulWrecker commented 10 months ago

Some whitelist regex might need rethinking, given regex “as is” are letting blacklist domain pass through as whitelist.

Cheers

Amazon # Close to 1800 blacklist domains check attach.

(.|^)(amzn|amazonaws|amazontrust|apzones|digicert|marketwatch|mzstatic|sym[b-d]+?|wp|yimg|youtube|ytimg).(com|to)$

amazon.txt

AdultTime Necessary for the site to deliver non ad content

(.|^)(dns|)algolia(|net).(com|io|net)$

a0ef2haqr0-1.algolia.io algolia.com analytics.algolia.com analytics.de.algolia.com analytics.fve0otglpf.algolia.net analytics.rcsnjttpht.algolia.net analytics.us.algolia.com analytics.uwxbmb9os2.algolia.net insights.algolia.io insights.de.algolia.io insights.us.algolia.io jn1rdqrfn5-1.algolianet.com jn1rdqrfn5-2.algolianet.com jn1rdqrfn5-3.algolianet.com jn1rdqrfn5-dsn.algolia.net logs.algolia.net recommendation.us.algolia.com telemetry.algolia.com track.rcsnjttpht.algolia.net tracker.rcsnjttpht.algolia.net tracking.rcsnjttpht.algolia.net

(.|^)gammacdn.com$

free-at-assets.gammacdn.com gammacdn.com images01-buddies.gammacdn.com images01-fame.gammacdn.com images02-buddies.gammacdn.com images02-fame.gammacdn.com images03-buddies.gammacdn.com images03-fame.gammacdn.com images04-fame.gammacdn.com kosmos-assets-prod.react.gammacdn.com kosmos-prod.react.gammacdn.com kosmos-prodv2.react.gammacdn.com static01-cms-buddies.gammacdn.com static01-cms-fame.gammacdn.com static02-cms-buddies.gammacdn.com static02-cms-fame.gammacdn.com static03-cms-buddies.gammacdn.com static03-cms-fame.gammacdn.com static04-cms-buddies.gammacdn.com static04-cms-fame.gammacdn.com trailers-buddies.gammacdn.com trailers-fame.gammacdn.com transform.gammacdn.com videothumb.gammacdn.com

^([a-z0-9]+.|)(appsync|execute)-api.us-east-1.amazonaws.com$

0bxxaty1ad.execute-api.us-east-1.amazonaws.com 1g26ewet37.execute-api.us-east-1.amazonaws.com 1s7vmel6xi.execute-api.us-east-1.amazonaws.com 2m1ln5gmga.execute-api.us-east-1.amazonaws.com 30dckcweuf.execute-api.us-east-1.amazonaws.com 4uklew74b1.execute-api.us-east-1.amazonaws.com 815jpfypwc.execute-api.us-east-1.amazonaws.com 99kz2a2ob8.execute-api.us-east-1.amazonaws.com 9w2zed1szg.execute-api.us-east-1.amazonaws.com 9w2zed1szg.execute-api.us-east-1.amazonaws.com bin5y4muil.execute-api.us-east-1.amazonaws.com bx7jwhkpb4.execute-api.us-east-1.amazonaws.com e6yeun02cb.execute-api.us-east-1.amazonaws.com fc01np5u7i.execute-api.us-east-1.amazonaws.com fqicudrbaf.execute-api.us-east-1.amazonaws.com l026e7vji8.execute-api.us-east-1.amazonaws.com pn8sm7rjuc.execute-api.us-east-1.amazonaws.com qe6evcafs0.execute-api.us-east-1.amazonaws.com v76ndo1am9.execute-api.us-east-1.amazonaws.com w6x8q98np4.execute-api.us-east-1.amazonaws.com wl96h214rb.execute-api.us-east-1.amazonaws.com

Required to log into general website user account pages

^accounts..*.(com|net|org|uk|br|ly|gov)$

accounts.abgsex.net.daraz.com accounts.adcolony.com accounts.adespresso.com accounts.adiant.com accounts.adjust.com accounts.adtelligent.com accounts.advanced-store.com accounts.adx1.com accounts.amobee.com accounts.api.affiliatewindow.com accounts.api.binance.com accounts.api.getadmiral.com accounts.api.kochava.com accounts.appdynamics.com accounts.appier.com accounts.apple.securelink.auh1.com accounts.attentivemobile.com accounts.auctiondrop.com accounts.baileysfarmsinc.com accounts.bi.tt.omtrdc.net accounts.bighow.net accounts.binance.com accounts.ccminer.org accounts.cmp.optimizely.com accounts.comscore.com accounts.conduit.com accounts.craigslist.org-securelogin.viewpostid8162-bmayeo-carsandtrucks.evamata.com accounts.crazyegg.com accounts.cryptonight.net accounts.decibelinsight.net accounts.deepintent.com accounts.despegar.com accounts.dev.api.binance.com accounts.doubleclick.net accounts.effectivemeasure.net accounts.emerse.com accounts.eu.api.binance.com accounts.eyereturn.com accounts.fgl.com accounts.firstpromoter.com accounts.gocsooglc.com accounts.gooacogle.com accounts.google.com.notecia.inf.br accounts.google.com.serviceloginservicemailpassivetruerm-falsecontinuemail.google.com.mail.ss1scc1tmpldefaultltmplcache2emr1osid1.financetrendnews.com accounts.google.comads.yahoo.comafs.moatads.com accounts.google.comafs.moatads.com accounts.googlyoutube.com accounts.gooog1e.com accounts.goooglesecurity.com accounts.growingio.com accounts.gumgum.com accounts.haravan.com accounts.hotels-in-israel.com accounts.hsoub.com accounts.infusionsoft.com accounts.inntelligentcrm.com accounts.insigit.com accounts.instagram.com.days-sa.com accounts.int2-pmgt.api.tt.omtrdc.net accounts.kaizenplatform.net accounts.kidoz.net accounts.kiosked.com accounts.letsdoeit.com accounts.live.resonate.com accounts.livefyre.com accounts.longmusic.com accounts.loopme.com accounts.mail.wesfrgpay.com accounts.mantisadnetwork.com accounts.meltwater.com accounts.mobidea.com accounts.mobvista.com accounts.monumetric.com accounts.mytaphouse.com accounts.mywellsfargnaccount.gocoogle.resortfulelevation.com accounts.na.global.global.tt.omtrdc.net accounts.net.daraz.com accounts.novaonx.com accounts.ns.kubernetesvision.net.daraz.com accounts.omniconvert.com accounts.pega.com accounts.petametrics.com accounts.pkr.com accounts.pqa-np.api.api.tt.omtrdc.net accounts.qa-ext.livefyre.com accounts.qocple.epizy.com accounts.qwilr.com accounts.rentshop.org accounts.retargetly.com accounts.revcatch.com accounts.revenuenetwork.com accounts.revprotect.com accounts.salesloft.com accounts.sattadon0001.net.daraz.com accounts.secure.googlaidmin.com accounts.signifyd.com accounts.sisudata.com accounts.skimlinks.com accounts.slickstream.com accounts.smaato.com accounts.sundaysky.com accounts.support.net.daraz.com accounts.synchronizing.googlemail.www2.vectorstrategies.com accounts.system-ns.org accounts.t402.livefyre.com accounts.targetspot.com accounts.techibits.com accounts.tellkomsel.com accounts.testlib-ln-1.net.daraz.com accounts.tradingmakeracademy.com accounts.us-east-1.salesloft.com accounts.us.api.binance.com accounts.walkme.com accounts.wordpress-catalog.com accounts.wozbtc.com accounts.yektanet.com accounts.yoc.com accounts.yotube.com accounts.zywave.com

slyfox1186 commented 10 months ago

I am confused about some parts of your post.

I think I understand the first part about amazon and my whitelist regex is letting blacklisted domains through.

What is your points about the rest of the post? Are you saying that they work well or are you saying that they are not working well?

I ask because the rest of the post contains listed domains that should be whitelisted. If I missed one let me know.

I did change the regex white list that was letting a lot of blacklisted domains through.

I changed it to...

^(ad(|s))\.(amzn|amazonaws|amazontrust|apzones|digicert|marketwatch|mzstatic|sym[b-d]+?|wp|yimg|youtube|ytimg)\.(com|to)$

I then did a random sample test on the list you sent me of 50 domains and not one of them was whitelisted anymore.

slyfox1186 commented 10 months ago

I think I fixed the concerns you had, however, if you would like to re-visit this please re-open this ticket.