Whitelisting a domain (regex) does not work (For people who use Group Assignment)

Expected Behaviour:

For nuskin.com to be unblocked.

Actual Behaviour:

nuskin.com is blocked even though I have added it to the whitelist.

I Have Tried These Steps:

  • Rebooting system and DNS resolver
  • Resetting Pi-hole completely (delete all files, and re-create Docker)
  • Disabling StevenBlack's blacklist (this works)

Debug Token:


Might be related to the unsupported webserver not actually applying whitelists.

What does dig nuskin.com @ show for an IP address?

Hmm.. weird. I'm using the official Docker image. Does it have to do me not using macvlan? Just a wild guess. And here's the dig.

; <<>> DiG 9.10.6 <<>> nuskin.com @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;nuskin.com.			IN	A

nuskin.com.		2	IN	A

;; Query time: 46 msec
;; WHEN: Sat Jul 11 15:27:56 EDT 2020
;; MSG SIZE  rcvd: 44

What is the regex whitlist you added to unblock nuskin.com?


It's the setting where I click wildcard next to the domain entry. Unless I'm doing it wrong. Not great with regex.

What virtualization platform are you using? This is the output from the web interface:

*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 302 Moved Temporarily
Server: diskstation
Date: Sat, 11 Jul 2020 18:52:25 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Keep-Alive: timeout=20
Location: http://localhost:8000/

[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 302 Moved Temporarily
Server: diskstation
Date: Sat, 11 Jul 2020 18:52:25 GMT
Content-Type: text/html
Content-Length: 154
Location: http://localhost/
Connection: keep-alive
Keep-Alive: timeout=20

Check the Tools>Query Lists for nuskin.com and show the output.

I use the default Docker app using my Synology NAS. Below is the output for nuskin.

 Match found in http://localhost:3838/lists/block/ads--trackers.list:
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:

Ah, Synology is a different beast.

Seems the whitelist is not applied:

Correct output would be:

If you use "wildcard" don't enter regex there - pihole will add it automatically for you.

Yeah, that's what I did. The regex is the final output. The original input is nuskin.com.

Darn. Any pointers on how to fix this?

What does the Whitelist Management page show at the bottom of List of whitelisted entries?

Are you using group management? What does the Group Management > Domains > List of entries show and is the regex whitelist assigned to the right group?

1 Like

This is the screenshot for the Whitelist Management page:

And I am using group management also:

This actually fixed the issue. I added an Administrator group I set for my devices earlier. All I had to do was set the group assignment for the whitelist entry. Guess I learned something today!

And also, when you showed the picture for Find Blocked Domain In Lists, I'm curious why it showed the whitelist for you, and not for me.

Try the Query List tool again now that group membership is corrected. I added the whitelist regex to default and the workstation I'm on right now is in that same group.

It may be that your browser is on a computer that is in a different group than the one the whitelist was assigned. The debug shows two clients, both in the Admin group, while the whitelist regex was applied only to the default group that looks like it has no clients associated.

1 Like

I typed in nuskin.com and it showed. Before I did just nuskin. That's very interesting. Thanks Dan! I guess I need to play more with Pi-hole now :smiley:

You may be able to use nuskin in the search, but as soon as you add a trailing root (the .) then you change the meaning of the domain. nuskin. is not the same as nuskin.com or nuskin

Edit: Unless you're using Windows and trying to avoid Windows helping you by adding search domains to unqualified domains without any .s. But that's a whole other holy war.

1 Like

Yeah, it makes sense now. I just assumed the search would just follow a strpos kind of way. No wonder sometimes when I search something in there, it would say Invalid domain! for example. searches.

1 Like

It's bash and php, we don't want to confuse it any more than it already is....

1 Like

Hahaha definitely!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.