Topic: pfblocker (DNSBL) and android amazon app (android web viewer) issue "SOLVED"

scorpious
Hi all,

I seem to have an issue loading Amazon via the Android app. The app loads up but does not display content; it briefly displays the Amazon content, but then loads up with an update Android System WebView error.

I have tried to uninstall the WebView and reinstall it. It still doesn't work. The Amazon app works fine on LTE/other Wi-Fi networks.

pfSense is strictly Ethernet; the LAN is connected via an access point.

I do not have issues running the Amazon app via Kindle or Windows 10; it's only on Android.

I have pfBlocker and Snort running.

From what I have gathered, the DNSBL, when enabled, prevents the Android web viewer from displaying content; when I disable DNSBL it works. Is there some kind of whitelist or parameter that needs to be entered to get this working?
DNSBL has the usual EasyList applied and Alexa whitelist with IP firewall setting denied to both.

Any suggestions on how to set up pfSense to get Amazon working again?

thanks

ashish
« Last Edit: December 06, 2016, 05:29:05 pm by scorpious »

f34rinc
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #1 on: December 06, 2016, 12:56:26 pm »
What does the alerts tab for pfBlockerNG show?  Scroll down to the bottom and DNSBL alerts will be visible, click the + sign next to a blocked item to add it to the whitelist.

scorpious
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #2 on: December 06, 2016, 01:39:10 pm »
I found the following info for the Alert, and added the info to white list. Ran Update/Cron/Reload.

I still have the issue.


doktornotor
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #3 on: December 06, 2016, 01:57:34 pm »
Post the output of

Code:
grep amazon /var/unbound/pfb_dnsbl.conf
Do NOT PM for help!

scorpious
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #4 on: December 06, 2016, 02:22:31 pm »
local-data: "amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "amazon-cornerstone.com 60 IN A 10.10.10.1"
local-data: "amazonily.com 60 IN A 10.10.10.1"
local-data: "assoc-amazon.ca 60 IN A 10.10.10.1"
local-data: "assoc-amazon.co.uk 60 IN A 10.10.10.1"
local-data: "assoc-amazon.com 60 IN A 10.10.10.1"
local-data: "assoc-amazon.de 60 IN A 10.10.10.1"
local-data: "assoc-amazon.es 60 IN A 10.10.10.1"
local-data: "assoc-amazon.fr 60 IN A 10.10.10.1"
local-data: "assoc-amazon.it 60 IN A 10.10.10.1"
local-data: "aan.amazon.com 60 IN A 10.10.10.1"
local-data: "aax-eu.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "aax-us-east.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "aax-us-pdx.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "adagiobanner.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "dra.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "fls-na.amazon.com 60 IN A 10.10.10.1"
local-data: "ir-na.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "mobileanalytics.us-east-1.amazonaws.com 60 IN A 10.10.10.1"
local-data: "mobileanalytics.us-east-2.amazonaws.com 60 IN A 10.10.10.1"
local-data: "mobileanalytics.us-west-1.amazonaws.com 60 IN A 10.10.10.1"
local-data: "mobileanalytics.us-west-2.amazonaws.com 60 IN A 10.10.10.1"
local-data: "rcm-images.amazon.com 60 IN A 10.10.10.1"
local-data: "rcm-it.amazon.it 60 IN A 10.10.10.1"
local-data: "sdogiu.bestamazontips.com 60 IN A 10.10.10.1"
local-data: "uedata.amazon.com 60 IN A 10.10.10.1"
local-data: "aax-us-west.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "admarvel.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "campaign-tapad.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "html5adkit.plusmo.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "iacpromotion.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "inneractive-assets.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "strikeadcdn.s3.amazonaws.com 60 IN A 10.10.10.1"

doktornotor
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #5 on: December 06, 2016, 03:23:54 pm »
Eh, stick something like

Code:
.s3.amazonaws.com

to the whitelist?

RonpfS
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #6 on: December 06, 2016, 04:35:16 pm »
Did you use the "+" icon to whitelist s.amazon-adsystem.com? This will also whitelist any CNAME.

Or remove the leading "." and just put
Code:
s.amazon-adsystem.com
2.3.5-RELEASE (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_1/Dev, suricata 4.0.1

scorpious
Re: pfblocker (DNSBL) and android amazon app (android web viewer) issue
« Reply #7 on: December 06, 2016, 04:37:44 pm »
I tried to enter that in the custom list, but it did not seem to have any effect.

Digging into it further, I turned off the DNSBL feed "someonewhocares" ad blocking, and the Amazon Android web service worked.

Further down the list, the check mark for the Alexa whitelist was turned off. So when I checked that and restarted DNSBL, Amazon AWS was working, except for pages that did not have ads "like order page" and a few others, but not the home page.

So I made the following change to the custom whitelist in DNSBL:

.amazonaws.com
.amazon-adsystem.com

and reran the UPDATE. Amazon AWS works like a charm. No issues.

I suppose I can consider this Thread SOLVED.

Thanks a lot for your help.

Ashish
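
An added example, not part of any post in this thread: a shell/awk check that replays whitelist entries like those in Reply #7 against `local-data` lines like those in Reply #4 and reports which blocked names each entry reopens. The function names and the matching rule (a leading dot covers the domain and all of its subdomains, no dot means an exact name) are assumptions of the example, and the input is a constructed sample.

```shell
#!/bin/sh
# Constructed sample: a few local-data lines in the format quoted in Reply #4.
sample_dnsbl() {
cat <<'EOF'
local-data: "amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "aax-us-east.amazon-adsystem.com 60 IN A 10.10.10.1"
local-data: "fls-na.amazon.com 60 IN A 10.10.10.1"
local-data: "mobileanalytics.us-east-1.amazonaws.com 60 IN A 10.10.10.1"
local-data: "admarvel.s3.amazonaws.com 60 IN A 10.10.10.1"
local-data: "sdogiu.bestamazontips.com 60 IN A 10.10.10.1"
EOF
}

# whitelist_audit "<space-separated whitelist entries>"   (hypothetical helper)
# Reads local-data lines on stdin and prints one line per blocked name:
#   ALLOW <domain> <matching entry>   or   BLOCK <domain>
# Assumption: ".example.com" covers example.com and every subdomain;
# an entry without the leading dot covers only that exact name.
whitelist_audit() {
  awk -v wl="$1" '
    BEGIN { n = split(wl, w, " ") }
    /^local-data:/ {
      split($0, q, "\"")            # q[2] is the quoted record
      split(q[2], f, " ")           # f[1] is the owner name
      d = tolower(f[1]); hit = ""
      for (i = 1; i <= n && hit == ""; i++) {
        e = tolower(w[i])
        if (substr(e, 1, 1) == ".") {
          # suffix match on a label boundary, or the bare domain itself
          if (d == substr(e, 2) ||
              (length(d) > length(e) &&
               substr(d, length(d) - length(e) + 1) == e)) hit = w[i]
        } else if (d == e) hit = w[i]
      }
      if (hit != "") print "ALLOW", d, hit
      else print "BLOCK", d
    }'
}

# The two entries from Reply #7 against the sample.
sample_dnsbl | whitelist_audit ".amazonaws.com .amazon-adsystem.com"
```

On a live box the same function can read `/var/unbound/pfb_dnsbl.conf` instead of the sample; the ALLOW lines show how much of the blocklist a broad entry such as `.amazonaws.com` reopens, including the analytics and ad-bucket hosts.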



bchow
This is an old thread, but I have this working as of 9/15/17 for the Amazon app. There was one domain not showing up in the DNSBL logs/alerts that I found in the main firewall, and that was googleapis.com. Here is my current whitelist that allows Plex and the Amazon Android app to work.

.amazonaws.com
.amazon-adsystem.com
.amazon.com
.ssl.google-analytics.com
.ssl-google-analytics.l.google.com # CNAME for (ssl.google-analytics.com)
.www.google-analytics.com
.www-google-analytics.l.google.com # CNAME for (www.google-analytics.com)
.www.googleadservices.com
.plex.tv
.gravatar.com
.thetvdb.com
.themoviedb.com
.googleapis.com # 172.217.3.202 is important for amazon app to work
.1e100.net # cname? altname? for googleapis.com

thezfunk
Running into this exact problem and I tried everything I see in this thread to no avail. Do I have to refresh something when I add something to the whitelist?