Problem with URL Filtering

Hello everyone!!

I have a problem accessing a certain GitHub URL. For example, when I try to update Pi-hole the address objects.githubusercontent.com cannot be resolved:
At first, I thought it was an issue with Pi-hole itself or with OpenDNS, its upstream DNS server. But I realized that this is not the case; it happens to me when I try to download something from GitHub.

Investigating, I have seen that, for example:
- If I temporarily disable the blocking, the Pi-hole blocking still does not resolve the URL.
- If I ping from outside my LAN, it does respond:
In Pi-hole I have put the URL on a whitelist. In Sophos, I have tried to do the same, I think I have done it right, but the address is still not resolved.

Any suggestions?
Kind regards,
Albert


Added TAGs
[edited by: Raphael Alganes at 3:26 PM (GMT -7) on 24 Oct 2024]
  • Hello!!

    After going around in circles, doing many tests and trying various configurations both on the Pi-hole and on the Sophos, it is clear to me that there is something in the firewall that is blocking the domain (and the subdomains) *.githubusercontent.com.
    The last test that confirms this is the ping from Sophos itself to the domain; as you can see in the screenshot, this time I do get a response:

    As I said, I have done several tests, such as adding the domain as an exception, fine-tuning the web filtering policy, fine-tuning the internet browsing policy, adding the FQDN as an exception, changing the DNS offered by the DHCP... But nothing works, I am quite confused... 

    What else could I try?

    Kind regards!!

    Albert.

  • Hello!!

    Finally I've resolved the issue:

    The culprit was a third-party threat feed, the CiberHost_UK; the domain .githubusercontent.com is categorized as malware:

    Kind regards.

    Albert

  • Thanks for sharing your solution.

    I am wondering because I have two SFOS instances and networks which are also using a Pi-hole setup. On both, updates are working without any issues.

    Have you reported that false positive to Sophos yet?
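
An added example, not part of any post in this thread and not Sophos or Pi-hole code: a small audit that checks a third-party domain feed for entries that would block domains the network depends on, which is the failure mode found above. The feed format (one domain per line, `#` comments, optional leading `.` or `*.`), the rule that an entry also covers its subdomains, the function names and the sample feed contents are all assumptions made for the illustration.

```python
# Constructed sample feed (not real CiberHost_UK data). Assumed format:
# one domain per line, '#' comments, optional leading '.' or '*.' prefix.
SAMPLE_FEED = """\
# constructed example entries
malware-site.example
.githubusercontent.com
*.bad-cdn.example
tracker.example   # inline comment
"""

# Domains the network must keep reaching (the first is the one from this thread).
REQUIRED = ["objects.githubusercontent.com", "github.com", "cdn.bad-cdn.example"]


def parse_feed(text):
    """Return the set of normalized feed domains (lowercase, no wildcard prefix)."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.add(line.lstrip("*").strip("."))
    return entries


def matching_entry(domain, entries):
    """Return the feed entry equal to `domain` or one of its parents, else None."""
    # Assumption: the firewall treats a feed entry as covering its subdomains.
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in entries:
            return candidate
    return None


def audit(required, feed_text):
    """Map each required domain the feed would block to the entry responsible."""
    entries = parse_feed(feed_text)
    hits = {}
    for d in required:
        entry = matching_entry(d, entries)
        if entry:
            hits[d] = entry
    return hits


if __name__ == "__main__":
    for domain, entry in audit(REQUIRED, SAMPLE_FEED).items():
        print(f"{domain} is covered by feed entry '{entry}'")
```

Running a check like this against a feed before enabling it on the firewall, with the list of update and package hosts the network relies on, surfaces a false positive as a named feed entry rather than as an unexplained resolution failure.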