[SOLVED] Regex wildcard question

CaptNemo · March 12, 2025, 4:13pm

If you are Experiencing issues with a Pi-hole install that has non-standard elements
Pi-hole is working fine. This is a general question.

Expected Behaviour:
Pi-hole is working as expected. This is a general question.

Actual Behaviour:
Pi-hole is working as expected. This is a general question.

Debug Token:
No token needed.

The question-

What is the wildcard syntax to block domains that match _____captiveportal.com?

Amazon has a bunch of domains: mmechocaptiveportal.com, fos5echocaptiveportal.com, etc.

Is it:
captiveportal.com ?
*.captiveportal.com ?
.{0,}captiveportal.com ?

What's the correct regex syntax?

rdwebdesign · March 12, 2025, 4:16pm

To block domains ending in captiveportal.com this regex will work:

.*captiveportal\.com$

. means any character;
* is a quantifier representing "zero or more times" the preceding character;
$ means "end of the line".

EDIT:
Added \ to escape the last dot.

jfb · March 12, 2025, 5:15pm

More generally, here is our regex tutorial which covers this and more:

https://docs.pi-hole.net/regex/tutorial/

CaptNemo · March 12, 2025, 5:45pm

Unfortunately, the regex didn't work-

The regex: .*captiveportal\.com$

mmechocaptiveportal.com is still not being denied.

CaptNemo · March 12, 2025, 5:47pm

I looked at that and it wasn't clear as to the syntax. It said what the characters did but didn't indicate the order in which they should be put in.

That was where I got the {0,} snippet

rdwebdesign · March 12, 2025, 6:27pm

* is the same as {0,}.

rdwebdesign · March 12, 2025, 6:31pm

It should be. Look at the regex matches here: regex101: build, test, and debug regex

Please check again if your regex is applied to all groups and devices.

Bucking_Horn · March 12, 2025, 10:15pm

I guess you didn't read the examples then?

To illustrate the usefulness of multipliers (and bounds), we provide a few examples:

Example..... Interpretation.....

^r-*movie matches a domain like r------movie.com where the number of dashes can be arbitrary (also none)

An explicit regex test demonstrates Pi-hole would match it:

# sudo pihole-FTL regex-test mmechocaptiveportal.com ".*captiveportal\.com$"
[i] Compiling regex filter...
    Compiled regex filter in 0.498 msec

Checking domain "mmechocaptiveportal.com"...
    .*captiveportal\.com$ matches
   Time: 0.103 msec

Also, you could run that mmechocaptiveportal.com domain past your configured regex filters:

sudo pihole-FTL regex-test mmechocaptiveportal.com

If that doesn't return any matches, then you probably have a typo in your regex.
If the test does match, then follow rdwebdesign's advice and investigate your group management.

CaptNemo · March 13, 2025, 1:33am

*# sudo pihole-FTL regex-test mmechocaptiveportal.com ".*captiveportal\.com$"*
*[i] Compiling regex filter...*
*    Compiled regex filter in 0.498 msec*

*Checking domain "mmechocaptiveportal.com"...*
*    .*captiveportal\.com$ matches*
*   Time: 0.103 msec*

I ran that command at the CLI and got the same response but, Pi-hole is still not denying mmechocaptiveportal.com.

See my screenshot- Imgur: The magic of the Internet
(I reset the logs and took the screen shot AFTER setting the DENY rule)

rdwebdesign · March 13, 2025, 2:13am

Please try to access again and take a screenshot of the Query Log page.

Also, generate a debug log, upload it and post here only the Token.

CaptNemo · March 13, 2025, 5:31pm

So new twist...

.*netflix\.com$ does not work (even though pihole-FTL regex-test says that it should).

So far, .*\.netflix\.com$ DOES work. I haven't seen a failure yet (but, I may be jinxing myself).

So I still don't have a working regex for fos5echocaptiveportal.com and mmechocaptiveportal.com. For some reason Pi-hole wants to break URLs at "."

UPDATE: Of course I jinxed myself....
.*\.logs\.roku\.com$ did not stop liberty.logs.roku.com

rdwebdesign · March 13, 2025, 5:32pm

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or if you run your Pi-hole as a Docker container:

docker exec -it <pihole-container-name-or-id> pihole -d

where you substitute <pihole-container-name-or-id> as required.

CaptNemo · March 13, 2025, 5:42pm

Your debug token is: https://tricorder.pi-hole.net/ldyGs5xz/

rdwebdesign · March 13, 2025, 5:59pm

This is not a regex issue. You just didn't understand how Group Management works.

To correctly use Group Management, you need to:

create a Group;
add domains/regex and lists to this group;
and add clients to this group.

You created many groups, but you have no clients in your Clients page.

This means all devices are using the Default group and the rules for the other groups are never used.

Also, your router is advertising itself as DNS server:

      dns-server: 10.1.1.31
      dns-server: 10.1.1.1

This will eventually bypass Pi-hole and you will have the impression that Pi-hole is not working.

CaptNemo · March 13, 2025, 6:14pm

Yes. What does the clients list do?

It's a secondary (fall-back) server. If Pi-hole goes down, I still want my network to work.

CaptNemo · March 13, 2025, 8:23pm

You da man! I added my subnets to the clients list and then associated them to the groups and it's working.

TY!

rdwebdesign · March 13, 2025, 8:31pm

This is not what the other DNS server does. It is not a fall-back. It's just another available option.

If you have 2 DNS servers on your router, the router will advertise both.
Then the decision about which DNS server will be used is up to each device Operating System.

Most Operating Systems (almost every one) will use both servers. As a result, some queries won't be answered by Pi-hole.