Partial site blockage


#1

I’m trying to login to a bank site that uses multi factor authentication. For security purposes, we’ll just use “bank” as a generic name. I receive a blank page when logging into the site.

Process:
Enter url of bank, press enter. “www.bank.com
Homepage of bank loads without issue.
Select login, enter required information, enter.

Page changes to “www.bankonline.com/../../../mfa” (/…/… representing irrelevant path info), mfa being the multi factor authentication page.

Page loads as blank.

Why do I believe it’s the PiHole?

The site loads fine on the same devices and browsers on other networks.

Disabling pihole for 60 seconds allows the site to load normally.

I’ve tried checking logs, gravity.list and blacklist, the bank site does not show as being actively blocked.

My raspberry pi, pihole core, FTL, and web UI are all up to date. I’ve tried restarting pihole and rebooting the pi. I’ve tried whitelisting “www.bankonline.com” via web UI with no luck.

Any suggestions?


#2

If you’re not happy providing the bank website’s url, there is not much that can be made in the way of suggestions.

Even though it may not be the bank’s site which is specifically being blocked, the problem may be that they could be using a third party analytics/tracking service which is being blocked by one of your blocklists, and their page fails to load because of that.

To identify which if any are involved, attempt to visit the site from one of your computers while not doing anything else online. (No other websites open, nothing else running). Then check the query log, and use the search box to limit it to the IP of the system you just tried to access from. If Pi-hole is indeed blocking some other site, it should be readily identifiable in the log that way.


#3

In addition to what robgill noted, it is helpful to tail the pinhole log while you load a site. I typically put the log printout on a separate window, then attempt to load the web page and see what hits the log in real time. Then I go to the query log.

Another helpful tool if you are using Chrome (or can use Chrome) to load the bank page, use the extension DNSThingy and it will tell you what domains the bank page is trying to load. You will be surprised how much “non-bank” stuff may be loading. That may give you some insight into where the problem lies.


#4

I’ve tried loading the bank site and then immediately checking the log (made sure I was looking at the right time by checking against the timestamps in the log) and saw nothing related to the bank’s url. I’ve also tried searching the log for anything related to the bank’s url and it came up empty.

I’ll give DNSthingy a shot and report back.


#5

The items you are looking for are likely not related to the bank’s URL. They are typically third party servers, and sometimes the websites won’t load if you don’t get the third party pages loaded. As a quick example, this is what tries to load when I go to “cnn.com”, a pretty ad-laden page.

www.cnn.com
amplify.outbrain.com
www.ugdturner.com
c.amazon-adsystem.com
ssl.cdn.turner.com
cdn.cookielaw.org
www.i.cdn.cnn.com
tag.bounceexchange.com
static.ads-twitter.com
cdn.livefyre.com
cdn.cnn.com
widgets.outbrain.com
data.cnn.com
smetrics.cnn.com
w.usabilla.com
cdn3.optimizely.com
ajax.googleapis.com

#6

You can also do:

sudo pihole -t | grep <IP of host you are browsing from> | grep pihole

Then browse to the site and see what gets blocked in realtime


#7

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.