Pihole FTL v5.24 Regex issue

mirrahman_habibi · January 10, 2024, 5:36am

Regex not blocking after upgrading to FTL v5.24:

i have installed pi hole on ubuntu server 23.04 and the regex was blocking properly in FTL V5.23 once upgraded now nothing is getting blocked using regex lists:

upgraded Pihole FTL from v5.23 to v5.24 and pihole 5.17.2 to pi hole v5.17.3:

rdwebdesign · January 10, 2024, 5:27pm

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

mirrahman_habibi · January 11, 2024, 4:53am

Dear Pi Hole Team,

Below is the debug token.

https://tricorder.pi-hole.net/zwvr43NI/

mirrahman_habibi · January 14, 2024, 4:08am

Dear rdwebdesign,

any update on this issue still regex is not working.

jfb · January 14, 2024, 9:11pm

Please upload a fresh debug log (your previous log has expired) and post the token URL here. Also, please provide the output of the following commands from the Pi terminal:

echo ">stats >quit" | nc localhost 4711

echo ">top-clients >quit" | nc localhost 4711

mirrahman_habibi · January 15, 2024, 4:10am

fresh debug log is https://tricorder.pi-hole.net/S2e1XS5r/
out put of first command is below

:~$ echo ">stats >quit" | nc localhost 4711
domains_being_blocked 4510987
dns_queries_today 488
ads_blocked_today 3
ads_percentage_today 0.614754
unique_domains 52763
queries_forwarded 342
queries_cached 143
clients_ever_seen 6
unique_clients 4
dns_queries_all_types 488
reply_UNKNOWN 1
reply_NODATA 0
reply_NXDOMAIN 10
reply_CNAME 287
reply_IP 168
reply_DOMAIN 22
reply_RRNAME 0
reply_SERVFAIL 0
reply_REFUSED 0
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 0
dns_queries_all_replies 488
privacy_level 0
status enabled

Output of second command is below

:~$ echo ">top-clients >quit" | nc localhost 4711

0 427 10.160.204.95
1 33 127.0.0.1 localhost
2 1 172.16.17.15 pi.hole
3 1 ::1 ip6-localhost

chrislph · January 15, 2024, 4:46am

You only have one adlist which is being hosted internally (and presumably generated internally) and has a html filename. Adlists should be in plain text, usually a txt file. Is that file actually a plain text file with a html extension, or does it really contain HTML markup such as <html> and <body>?

That said, Pi-hole's quick tests showed it was blocking the test domains it chose, and the adlist was installed previously and has not changed since.

You can test the blocking using a domain which you think should be blocked, with the command:

pihole -q -exact your.test.domain

Pi-hole will tell you if it's blocked or whitelisted, and what is responsible for it, or if no results are found.

mirrahman_habibi · January 15, 2024, 6:22am

Dear Chrislph,

The HTML file is plain text and the domains which in that HTML file gets block but the regular expression is not blocking the domains i have specified while the same regex were working properly before upgrading the FTL.

Regards

mirrahman_habibi · January 16, 2024, 4:48am

Hello Dears,

any help will be appreciated

chrislph · January 16, 2024, 12:53pm

Did you test specific domains using the command above? What did you find from doing that?

mirrahman_habibi · January 17, 2024, 4:24am

Dear chrislph,

Below is the output of pihole -q -exact your.test.domain it is mentionable the that below two domains are blocked by regular expression \W*((?i)tiktok(?-i))\W* not by the adlist.

:~$ pihole -q -exact tiktok.com
  [i] No exact results found for tiktok.com within the adlists
:~$ pihole -q -exact pubg.com
  [i] No exact results found for pubg.com within the adlists

chrislph · January 17, 2024, 4:58am

When I add that regex and query tiktok.com I also get no results. When I try it in regex101.com I do get a match. I think this is down to the kind of regex which Pi-hole implements.

These regexes seem needlessly complex. Is your intention to block any domain which contains the string tiktok? If so, the simple regex blacklist

tiktok

will do that. And similarly for the other one, the regex blacklist

pubg

Please add the tiktok regex and run the test again. That will confirm that regex blocking is working. You can then remove all the complex \W*... rules and replace with simpler rules for each word. You can combine strings too (using (string1|string2|string3) and so on), but it's more manageable to treat each one separately – makes updating and editing much easier that way.

You may need to be a little more specific with some specific words if there is a risk of a desired domain including that string, as that would also be blocked.

If your intention is to do something other than block all domains containing these strings, please detail exactly what you want the rule to do and I'm sure we can help with a more suitable one that works.

mirrahman_habibi · January 17, 2024, 5:07am

Dear Chrislph

As i added the regex you recommended for blocking all URLs containing tiktok and pubg keyword in it, it worked properly but the regex i have shared above working properly before upgrading the pi hole and since then the domains were not getting blocked by regex.
Thanks for the help i will edit my regex.

chrislph · January 17, 2024, 5:14am

That's good, it shows that your Pi-hole is still successfully processing regexes. I can only assume that regex processing was slightly modified in a recent update, causing your \W... rules to no longer work. A developer may be able to offer more insight on this.

system · February 7, 2024, 5:15am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.