Block page not shown using Apache2

Fondor1 · November 14, 2017, 6:16am

Hardware/OS:

Custom build home server running Debian Stretch; current on software updates

Expected Behaviour:

When I navigate directly to a blocked domain from a client, a block page (as seen in this post) should appear.

Actual Behaviour:

When I navigate to http://scorecardresearch.com/ as in the post above, I get redirected to the DocumentRoot for pihole (/var/www/html/).

Debug Token:

97hjv6ww7x

Apache2 virtual host configs in /etc/apache2/sites-enabled:

000-default.conf:

<VirtualHost 192.168.1.210:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/webdir

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost 192.168.1.210:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/webdir
        
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

pihole.conf:

<VirtualHost 192.168.1.220:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/
        ServerName pi.hole

        ErrorLog ${APACHE_LOG_DIR}/error_pihole.log
        CustomLog ${APACHE_LOG_DIR}/access_pihole.log combined

        <Directory "/var/www/html/">
                php_admin_flag engine On
        </Directory>

        ErrorDocument 404 /pihole/index.php
</VirtualHost>

Additional information:

This looks like an apache2 configuration issue, but I'm not seeing where I messed up. In addition to the redirection to the DocumentRoot, I cannot navigate directly to /pihole/index.php on a client either; the server gives me a 404. index.php is definitely there along with index.js and blockingpage.css, either of which can be read just fine through a browser:

root@server:/var/www/html/pihole# ls -al
total 28
drwxr-xr-x 2 www-data www-data 4096 Nov 12 21:02 .
drwxrwsr-x 5 www-data www-data 4096 Nov 12 21:03 ..
-rwxr-xr-x 1 www-data www-data 5137 Nov 12 21:02 blockingpage.css
-rwxr-xr-x 1 www-data www-data   61 Nov 12 21:02 index.js
-rwxr-xr-x 1 www-data www-data 7009 Nov 12 21:02 index.php

What configuration steps have I missed here? Am I right in assuming that if this page is not working, my pixel blocking is also non-functional on my clients? Running

curl http://scorecardresearch.com/ads.jpg

On my server yields the expected image, but doing the same on my Ubuntu 16.04 box yields a 404:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /ads.jpg was not found on this server.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at scorecardresearch.com Port 80</address>
</body></html>

Any ideas? Where do I start to troubleshoot this?

Mcat12 · November 14, 2017, 5:26pm

You should disable the default config, because that might be overriding or messing with the Pi-hole config. Also, check to see that you're mirroring the lighttpd config: pi-hole/lighttpd.conf.debian at master · pi-hole/pi-hole · GitHub

deHakkelaar · November 14, 2017, 6:55pm

And not sure if intended but different IP addresses are used in the default.conf and pihole.conf.
192.168.1.210 & 192.168.1.220

Fondor1 · November 14, 2017, 8:13pm

Different IP addresses were very much intended. I already have a different site running under Apache on port 80. In order to keep pihole separate from the other site, I generated a second IP.

I will try to disable the default config temporarily to see if pihole starts to function as expected. As far as the lighttpd.conf, I do mirror the user, 404 page, doc root, error logs, etc. but I need to confirm that I have the equivalent modules enabled in Apache. I'm willing to bet I do but I will double check. Is the specific server.upload-dirs location critical for the operation of pihole?

Mcat12 · November 15, 2017, 1:45am

The upload dirs is not critical.

diginc · November 15, 2017, 5:45am

Try using a default vhost for pi-hole to make sure it wildcard black holes all ads

https://httpd.apache.org/docs/2.2/vhosts/examples.html#default

Before _default_ existed the internal apache logic just said something to the effect of "I looked at all my configs' aliases for servers and non matched, here just take my first site" basically. So without _default_ the very first VirtualHost block in the very first config file loaded alphanumerically is used for umatched ad domains, per this stackoverflow. hence why the default conf is prefixed with '000-'. If you moved pihole.conf to 0000-pihole.conf it would probably take over as default.

I think _default_ is the new recommended way of doing this, however I have never actually used it my self. I'm an nginx convert.

Fondor1 · November 15, 2017, 6:10am

I am even more confused after trying a few things out. At this point I'm confident it's an apache configuration issue, but I haven't the foggiest where my configuration is coming from... I removed the 000-default.conf file from sites-enabled altogether and only left the pihole config. Restarted apache. I can access the admin console just as before through http://pi.hole/ or via the assigned IP 192.168.1.220, but I can also access it via 192.168.1.210 despite that IP not being listed in the VirtualHost config.

I also still cannot access pi.hole/pihole/index.php manually, I am still given a 404.

I don't think this is a pihole problem, so I won't bother anyone else with further questions until I sort out what's wrong on the apache side. Thanks for the help so far.

deHakkelaar · November 15, 2017, 5:39pm

Do mind they are not files but symlinks linking to actual files in the "sites-available" folder !

$ ll sites-enabled
lrwxrwxrwx 1 root root   39 Feb 17  2015 000-apps.vhost -> /etc/apache2/sites-available/apps.vhost
lrwxrwxrwx 1 root root   26 Feb 17  2015 000-default -> ../sites-available/default
lrwxrwxrwx 1 root root   49 Feb 17  2015 100-dehakkelaar.nl.vhost -> /etc/apache2/sites-available/dehakkelaar.nl.vhost

Do you have a folder in the doc root named "pihole" ?
I believe your mistaking:
http://pi.hole/pihole/index.php
with:
http://pi.hole/admin/index.php
?

Oops, my mistake there is a folder

diginc · November 16, 2017, 12:17am

Are you using pi-hole as your DNS server?

diginc · November 16, 2017, 12:19am

Also did you give _default_ a try?

<VirtualHost _default_:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/
        ServerName pi.hole

        ErrorLog ${APACHE_LOG_DIR}/error_pihole.log
        CustomLog ${APACHE_LOG_DIR}/access_pihole.log combined

        <Directory "/var/www/html/">
                php_admin_flag engine On
        </Directory>

        ErrorDocument 404 /pihole/index.php
</VirtualHost>

you could also restore 000-default.conf and put your pihole.conf settings into it.

Fondor1 · November 16, 2017, 1:01am

I am aware that the files are symlinks from sites-available, sorry if that was not clear. I was symlinking or deleting links to pihole.conf and 000-default.conf from sites-available to sites-enabled when I said that I was "removing" 000-default.conf.

Yes, I am using pi-hole as my DNS server through my router. I am able to navigate the internet with no apparent issues. It blocks ads on all attached devices and the admin page works just fine through http://pi.hole/admin/ (or either IP address 192.168.1.210 or 192.168.1.220). Pixel server does not appear to work based on

curl http://scorecardresearch.com/ads.jpg

...and trying to access a blocked site directly never yields the block page.

I tried default last night but I also had my 000-default.conf enabled simultaneously. In that instance, there was no change in behavior. I will try again with only pihole.conf enabled with the default directive as suggested above.

Fondor1 · November 16, 2017, 6:14am

Implementing _default_ option and removing 000-default.conf had no effect on the end result. Navigating directly to a blocked domain brought me back to my pihole document root /var/www/html.

Some additional information: If I navigate manually to /pihole/ after I've been redirected to the document root from a blocked domain, I see the block page (notice the URL):

If I try to navigate directly there via http://pi.hole/pihole/ I get a 404 page. it seems that navigation directly to /pihole/index.php is disallowed.

There is also some different behavior on my clients today. I must have changed something despite my intention not to: curl from clients OR server now receives the correct pixel image. At this point that might be "good enough" because pixel block seems to be working. Still confused why the direct block page is not being redirected properly but considering how rarely I expect that to happen, I think I can live with the current implementation.

Thanks all for the help. For the record, here are my conf files:

000-default.conf:

Listen 80
Listen 8080
<VirtualHost 192.168.1.210:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/webdir

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost 192.168.1.210:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/webdir
        
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

pihole.conf:

Listen 80
<VirtualHost 192.168.1.220:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/
        ServerName pi.hole

        ErrorLog ${APACHE_LOG_DIR}/error_pihole.log
        CustomLog ${APACHE_LOG_DIR}/access_pihole.log combined

        <Directory "/var/www/html/">
                php_admin_flag engine On
        </Directory>

        ErrorDocument 404 /pihole/index.php
</VirtualHost>

Mcat12 · November 16, 2017, 8:26pm

It looks like you need to make sure that the 404 page on both IPs go to the block page.

Fondor1 · November 20, 2017, 3:11pm

I don't think the 192.168.1.210 address can point to a 404 page outside of the DocumentRoot, can it? pihole/index.php lives in /var/www/html, but that is a directory above the DocumentRoot for the virtual host at 192.168.1.210.

diginc · November 20, 2017, 3:27pm

My suggestion is simplify your configuration. Go down to just pi-hole config.

If pi-hole's config is correct and you can confirm it works by using various ways to connect:

pi.hole
doubleclick.net
192.168.1.x

If this doesn't work when pi-hole is the only config it's something in your pi-hole.conf or global apache config files.

Once pi-hole.conf works add your sites one at a time and re-test pi-hole's URLs and your new site's URLs. If pi-hole breaks you know your configs are causing the problem and their contents or ordering/priority needs to be modified.

Mcat12 · November 21, 2017, 4:20am

You should have the document root always point to /var/www/html/ for Pi-hole.

N0rimaki · March 1, 2018, 8:49am

i have the absolute same issue. And no final solution for this.
also my lighttpd is the same like this pi-hole/lighttpd.conf.debian at master · pi-hole/pi-hole · GitHub

it's rly strange.

Mcat12 · May 8, 2018, 9:48pm

2 posts were split to a new topic: Apache port 81 issue