Grokking adlist vs blacklist

Noob to pihole.

I need a few points of clarification

If I understand correctly, if a site is added to the blocklist (i.e. ad block) this blocks underlying calls to those urls but does not directly block access to the site entered in a browser url?

For example, I added a porn block list and then was expecting to not only have ads blocked but be unable to access one of those sites directly entered in the browser address field, which I was not.

To block direct access to the site I had to add that url to the blacklist (as a wildcard regex). Then it was actually blocked when entered into the browser address field.

My misconception was that urls added to the blocklist are also blacklisted, but apparently not? Correct?

Was that by design? Why not blacklist any site that was ad blocked? If I don't want their ads, why would I want to visit them?

OK, given my observations of behavior are correct, I was hoping to upload a list of urls to blacklist, but the UI can only accept one at a time. A little more digging and I see that the cli can accept multiple at a time: https://docs.pi-hole.net/guides/misc/whitelist-blacklist/ That's not too bad as I can write a script to convert base domains into regex wildcards and load them this way.

So it is correct that in the current version 5+ the UI has no way to accept a list of sites to BLACKLIST and only the cli can do that?

No. Pi-hole doesn't block URLs, it blocks domains. A domain is a subset of a URL. Any time a domain name is sent to Pi-hole by a client for resolution, the domain is compared against your blocking. If the domain is blocked (regardless of the context in which it was called), then the client receives no IP in return. If the domain is not blocked, the client gets the IP and goes to the web to fetch this IP (and the rest of the URL as applicable).

Again, you added a domain to the blacklist, not a URL.

What you were likely seeing is two different domains. The blocklist you are using could contain the domain badporn.com, but when you go to load it in the browser the browser is looking for www.badporn.com, which is a different domain.

By adding badporn.com to your blacklist as a wildcard (which Pi-hole then converts to a regex), you block both this domain and any subdomains (which would include the www variant).

This is not correct. You can add as many domains to the blacklist as you like at once, as long as they are properly separated by spaces or line breaks (which will convert to spaces when you paste).
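To make the exact-match versus wildcard distinction concrete, here is an added Python example (not from the thread or from Pi-hole's own code) that applies Pi-hole's wildcard regex form `(\.|^)domain$` to a few constructed queries and emits the `pihole --wild` lines the linked guide describes; the sample domains and adlist contents are made up.

```python
import re

# Constructed sample data, not taken from any real adlist.
ADLIST = {"badporn.com", "www.badporn.com"}   # adlist entries: exact names only
WILDCARDS = ["badporn.com"]                     # blacklist entries added as wildcards
QUERIES = ["badporn.com", "www.badporn.com", "cdn.badporn.com", "notbadporn.com"]


def normalise(name):
    """Lower-case and strip a trailing dot so comparisons are consistent."""
    return name.strip().lower().rstrip(".")


def wildcard_to_regex(domain):
    r"""Pi-hole v5 stores a wildcard blacklist entry as the regex (\.|^)domain$ ."""
    return r"(\.|^)" + re.escape(normalise(domain)) + "$"


def blocked_by_adlist(query, adlist):
    """Adlist entries match the queried name exactly; a subdomain is a separate name."""
    return normalise(query) in {normalise(d) for d in adlist}


def blocked_by_wildcards(query, wildcards):
    """A wildcard covers the domain itself and every subdomain, but not lookalikes."""
    q = normalise(query)
    return any(re.search(wildcard_to_regex(w), q) for w in wildcards)


def classify(queries, adlist, wildcards):
    """Return {query: (hit by adlist, hit by wildcard)} for each queried name."""
    return {q: (blocked_by_adlist(q, adlist), blocked_by_wildcards(q, wildcards))
            for q in queries}


def pihole_wild_commands(domains):
    """One 'pihole --wild' line per base domain (flag as shown in the linked guide)."""
    return ["pihole --wild " + normalise(d) for d in domains]


if __name__ == "__main__":
    for q, (a, w) in classify(QUERIES, ADLIST, WILDCARDS).items():
        print(f"{q:20} adlist={a!s:5} wildcard={w}")
    print("\n".join(pihole_wild_commands(WILDCARDS)))
```

Running it shows that cdn.badporn.com is missed by the exact-match adlist but caught by the wildcard, while notbadporn.com is caught by neither.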

Yes, I meant domain but wrote url.

My confusion is really adlist vs blacklist.

So what you are saying is that an "ad blocked" domain is "blacklisted", but if the adblock list doesn't specifically include a subdomain (like www.) that subdomain won't be blocked. OK, that is what I experienced.

So then what about those "ad" lists. Looking at this adlist https://raw.githubusercontent.com/mhhakim/pihole-blocklist/master/porn.txt I observe it does not contain any wildcard regex. Does that mean an adlist can ONLY contain specific (sub)domains and never a wildcard regex? If so, maybe THAT is why there is a totally separate place to add blocks (i.e. the blacklist) and that is where one can use wildcard regex?

BUT if an adlist can contain wildcard regex then why didn't they use it instead of repeating www. and www.www. for each base domain?

Tomato/tomahto. Adlist/blacklist. I think I grok it.

Correct.

Correct.

I suppose there is some history of why there are two lists and why the adlist can't contain globs. Intuitively I was expecting only one place to add domains and for it to support globs or regex or both. I can deal with it as is.

So my initial evaluation is very positive and I'm going to use pihole on my gateway (maybe even the DHCP and A/CNAME records in place of the standalone (edit files) dnsmasq I have running on my router now). Standalone dnsmasq doesn't support CNAME records, so that's a bonus when setting up reverse proxy aliases.

Thanks to the devs & moderator and of course... docker containers. Once I get it running on my and two other family LANs we'll make a donation.

See cname=

Yeah, I knew about that, but it doesn't work locally, LAN resolved only.

I thought maybe pihole had modified or added to dnsmasq, i.e. made it more of a full DNS records server like Route 53, where this works great.

I just tried it on pihole and it didn't work.

Added A record:
pihole.<>.net 10.0.0.40
then CNAME record:
pihole2.<>.net pihole.<>.net

nslookup pihole.<>.net reports 10.0.0.40
nslookup pihole2.<>.net says "can't find" instead of reporting 10.0.0.40

I can just have all Reverse Proxy ("alias") entries be A records (as I have now), and as long as my RP server doesn't move to another IP it's not a big issue. At least with files I could do a search and replace. Not sure there is any way to do that with the pihole cli.

Unbound on OPNsense is a bit better in this regard as it has "alias" entries for each A record. Maybe pihole could do that too. I assume OPNsense just makes an A record for each alias when it generates the underlying unbound conf.

Oh well, this is really another topic. Maybe I'll start one.
