Customize Block Page

Hey all!
First time playing with the Pi-hole and I really don't have much scripting skills.
Long story short, I wanted to make sure that when something is blocked, my wife, when working from home, will know it's because of my "toys"... this way I can quickly fix it.

I followed the above guide, however it didn't work well, so I looked up another guide which suggested using PHP instead of htm.

Here are the refined instructions for my particular block page setup…

How to set up a custom block page in Pi-Hole:

  1. On the pi-hole go to the /var/www/html/pihole folder
  2. Type the following:
wget https://pi-hole.net/wp-content/uploads/2016/12/Vortex-R.png
wget https://piholenet.b-cdn.net/wp-content/uploads/2017/03/pihole-llc.png
  3. Create a PHP file for your custom block page with the name “CustomBlockPage.php” and paste the HTML code in the file:
    (NOTE: Do not use LeafPad to make the file because it does not correctly format text for our purposes.)

sudo nano /var/www/html/pihole/CustomBlockPage.php

<HTML>
<TITLE>BLOCKED</TITLE>
<BODY BGCOLOR=000000 BACKGROUND="pihole/pihole-llc.png" TEXT=FFFFFF>
   <CENTER>
      <BR>
      <IMG SRC="pihole/Vortex-R.png" WIDTH=100><BR>
      <FONT Size=+2>
         <BR>
         This Page has Been Blocked<BR>
         *OR* Does not exist<BR>
      </FONT>
      <BR>
      Notice: Some pages have been blocked due to content or bandwidth restrictions.
      <BR>
      <BR>
      If you believe that this page has been blocked in error,<BR>please contact the front desk.
   </CENTER>
</BODY>
</HTML>

Save and close.

  4. Set your file’s permissions:

sudo chmod +x /var/www/html/pihole/CustomBlockPage.php

  5. Open the “lighttpd.conf” file to change the error handler for 404 file not found errors so that the custom block page opens instead of the default:

sudo nano /etc/lighttpd/lighttpd.conf

  6. Comment out the line server.error-handler-404="pihole/index.php" with “#”, then add a new line with the custom block page file:
#server.error-handler-404="pihole/index.php"
server.error-handler-404="pihole/CustomBlockPage.php"

Save and exit.

  7. Restart the lighttpd service:

sudo service lighttpd restart

  8. Change the blocking mode to “IP” in the “pihole-FTL.conf” file by adding a block mode line:
    *Note: I changed mine to BLOCKINGMODE=IP; it's up to you.
    Blocking modes options: https://docs.pi-hole.net/ftldns/blockingmode0/

sudo nano /etc/pihole/pihole-FTL.conf

  9. Add this line:

BLOCKINGMODE=IP

Save and exit.

  10. Restart the pihole-FTL service:

sudo service pihole-FTL restart

Congratulations, your block page is now ready.

Thank you for sharing. The problem is that the 404 page will not work on Google Chrome. Is there a way to fix it?

Looks like I got bad request 400

Awesome solution; thanks for sharing - weird thing is that it doesn't seem to work for the Brave Browser, I get:

This site can’t be reached

https://doubleclick.net/ is unreachable.

ERR_ADDRESS_UNREACHABLE

Any ideas?

There's a small error in this line:

#server.error-handler-404="pihole/index.php"
server.error-handler-404="pihole/CustomBlockPage.php"

Instead it should be:
server.error-handler-404="/pihole/CustomBlockPage.php"

Then you shouldn't get a 400 - bad request.
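
A quick way to check a finished setup for the leading-slash problem pointed out in the reply above, plus the other two things the guide depends on (the handler file exists, and BLOCKINGMODE=IP is set). This is an added example, not part of the original posts; the function name is hypothetical, the document root is passed in as a parameter (on the guide's layout it would be /var/www/html, which is an assumption), and the sample files are constructed.

```bash
# check_block_page LIGHTTPD_CONF DOCROOT FTL_CONF   (hypothetical helper)
# Prints one finding per line; returns 0 only when nothing is wrong.
check_block_page() {
    local conf="$1" docroot="$2" ftl="$3" handler mode rc=0

    # Active (uncommented) handler line; assumes a single assignment as in the guide.
    handler=$(sed -n 's/^[[:space:]]*server\.error-handler-404[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    if [ -z "$handler" ]; then
        echo "no active server.error-handler-404 line"; rc=1
    else
        case "$handler" in
            /*) ;;
            *) echo "handler '$handler' lacks a leading '/'"; rc=1 ;;
        esac
        # The handler path is resolved against the document root.
        if [ ! -f "$docroot/${handler#/}" ]; then
            echo "handler file missing: $docroot/${handler#/}"; rc=1
        fi
    fi

    # The guide relies on IP blocking mode so blocked names reach the web server.
    mode=$(sed -n 's/^[[:space:]]*BLOCKINGMODE=\(.*\)$/\1/p' "$ftl" | tail -n 1)
    if [ "$mode" != "IP" ]; then
        echo "BLOCKINGMODE is '${mode:-unset}', the guide expects IP"; rc=1
    fi
    return $rc
}

# Constructed sample: the configuration exactly as posted in the guide.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/www/pihole"
: > "$demo_dir/www/pihole/CustomBlockPage.php"
printf '%s\n' '#server.error-handler-404="pihole/index.php"' \
    'server.error-handler-404="pihole/CustomBlockPage.php"' > "$demo_dir/lighttpd.conf"
printf 'BLOCKINGMODE=IP\n' > "$demo_dir/pihole-FTL.conf"
check_block_page "$demo_dir/lighttpd.conf" "$demo_dir/www" "$demo_dir/pihole-FTL.conf" || true
rm -rf "$demo_dir"
```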


For the website to be displayed correctly in Google Chrome, MS Edge, Opera, Vivaldi, Brave etc. browsers, you must change the extension from .htm to .html.

I don't believe that is true. The webserver is the software that cares what the extension is.

It works for me in all browsers.

That's fine, the lighttpd configuration determines what file extensions it serves and what rendering engine is used to serve it.

Thanks to this post, I was able to setup my customized block page.
Any clue to get it working also for https?
I already own a nginx letsencrypt proxy with 80 and 443 ports open.
Defining the blocking page on it could be useful?

Thanks

Blockpages don't work on HTTPS/TLS. You can't impersonate a TLS site (without creating a Man-in-the-Middle attack on yourself.)

Doesn't work with the current strategy. Other products out there are able to do it, a different strategy to solve this problem must exist.

Sure, create your own Certificate Authority (and all the associated security hardening required for it) and push that CA to all the devices' browsers or certificate stores and you can do it.

The only way to impersonate a TLS site is to set up an authority that has implicit trust to impersonate ANY domain they want.
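
What the browser sees when a blocked HTTPS name resolves to the Pi-hole, shown with the openssl command line. This is an added example, not part of the original posts; the helper names are hypothetical, the certificate is a constructed self-signed stand-in, and pi.hole is an assumed hostname for the Pi-hole's own web server.

```bash
# host_matches_cert CERT_PEM HOSTNAME -> exit 0 when the certificate covers HOSTNAME
host_matches_cert() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Constructed stand-in for a certificate the Pi-hole could present:
# self-signed and issued to its own name only.
make_pihole_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=pi.hole' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

tls_dir=$(mktemp -d)
make_pihole_cert "$tls_dir"
# In IP blocking mode both names resolve to the same machine, but only one
# of them is a name the certificate was issued for.
for host in pi.hole doubleclick.net; do
    if host_matches_cert "$tls_dir/cert.pem" "$host"; then
        echo "$host: certificate matches"
    else
        echo "$host: certificate does NOT match, so no block page is shown"
    fi
done
rm -rf "$tls_dir"
```

The name check fails before any HTTP request is sent, so the 404 handler from the guide is never reached for HTTPS URLs.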

Sorry, I haven't been on here in a long time... In case you didn't find an answer:
Someone suggested below that the following is missing a forward slash at the beginning of the file location:

server.error-handler-404="pihole/CustomBlockPage.htm"

This was assuming that Pi-Hole knows its own location in the drive structure. You can try modifying this to match the file structure of your installation to see if that helps.

Correct, it shouldn't care what extension, especially when ".htm" is part of the HTML standard. ".htm" was used because DOS and Windows 3.1 only supported 3 character file extensions. But it appears to no longer work in the newer version of pi-hole. Instead the page is served as a download instead of a viewable page. That sounds like a bug of some sort. I also found that the block page now only appears if you put in the Pi-Hole's IP address (and only when you change the extension to ".php"). Something has changed. (Correction... it does still work with an actual 404 error with the .php extension)

Please note: I don't know much about protocol standards so be kind :)

Regarding blocking "https", at what point does the url lookup become encrypted? When I type in a url into my browser, I don't specifically type in an https. Shouldn't the block occur before the site has been determined to be an https site? Shouldn't any outside request be blocked through checking the block lists by url before determining if the site actually exists?

From the start. And if the domain is on the HSTS preload list or has been visited prior with HSTS headers then you won't be able to do the equivalent of a downgrade attack to disable the forced TLS.

Is anyone talking with Mozilla about legitimate DNS filtering and how it can be done with this new security concept? It sounds like it is going to undermine Pi-Hole's abilities completely.

No, it just means blockpages don't work. Which is fine, we plan to remove the feature anyways.

Edit: And STS is built in to TLS, there's no way it's coming out of being overridden.