Blocked website response from PiHole

Hello, I was wondering if it's possible to create a feature you can turn on where if a website gets blocked by pihole you would get a custom page and not just the website is unreachable?

There are 2 ways I see this helping. 1, if it's just a custom page saying the website was blocked, you're welcome, that would save a lot of time checking websites that are just down in pihole because you thought they got blocked.
And 2, if you can take it a step further and have a button to log in to pihole in that page to whitelist the website from that page. This would help pihole reach a more tech novice crowd that could also enjoy the control over the network.

Hopefully, I managed to get the vision across, thanks for reading!

You mean something like pihole's blocking page. Set it by setting BLOCKINGMODE=IP in /etc/pihole/pihole-FTL.conf

https://docs.pi-hole.net/ftldns/blockingmode/#pi-holes-full-ip-blocking

Note: It was once pihole's default behavior, but it doesn't work with https sites (which are the majority on the internet today). That's why the blocking mode NULL is the default now.

From what I gathered from the text, it sounds like it. What exactly broke it with https? And if it's possible to fix, maybe there should be a switch in the GUI settings to enable or disable this.

It's impossible to do.

So if you redirect a site to the pihole address, you'll get the "this site is not secure" page?
So how do routers with the same problem get around that? I had a FortiGate at work that had this feature, and the router's certificate was invalid: when you tried to connect to the router, you would get the default "HTTPS not secure, turn back" page.

But when you got blocked, you would reach a page that the router generated showing some info about the fact it was blocked by the security policy.

So how are they doing it, and can we replicate that solution?

I don't know how they do it, but you would need a Man-In-the-Middle attack to do it.

You installed the Fortigate Certificate Authority that said "Okay Fortigate router, I trust ANY certificate you give me to be who you say it is. If you say you are Google, then I trust you implicitly. If you say you're my bank, then I trust you implicitly. Anything you say I will agree with without any question."

Or the router was your proxy and redirected to a new page.

No.

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/605938/why-you-should-use-ssl-inspection

When using SSL certificate inspection, you may get certificate errors for blocked websites, due to your FortiGate attempting to display a replacement message for that site using HTTPS. To prevent these errors, you must install the certificate that the FortiGate uses for encryption in your browser. By default, this is the same certificate used for SSL inspection.

No, as I mentioned in the reply, the users still got the certificate invalid page when entering the VPN portal, and I got it every time I entered to manage the router.

So no one installed the CA on their computers, but still the page for blocked content was visible to all and was not showing up as blocked or invalid certificate.

Then it was:
