Customising Pi-hole block lists: adding local and third-party rules

Twitter Linkedin

While ad-blocking generally results in a faster, more secure and less cluttered browsing experience it is not without its drawbacks. Increasingly pages are refusing to work with ad-blockers and links will redirect to an advertising or tracking domain before redirecting you to the page you requested. In these cases, rather than enhancing your browsing experience, Pi-hole can start to get in your way. For the ultra-security conscious this is undoubtedly a good thing, why would you want to follow a link that’s going to track you or visit a page which insists on showing you content you have not requested and do not want? However, for most of us there may be pages we want to visit that will require some customisation of our block lists. We may also wish to customise block lists to add extra rules. In my previous article on Pi-hole I mentioned adding additional block lists to block adult content or scam and malware sites. By adding custom block lists we can have automatically updating blacklists for various different types of content.

Allowing certain advertising domains

While browser-plugins have the option to disable blocking for a specific page or site, you won’t find this functionality in Pi-hole. This is a necessary trade off for having automatic ad-blocking for every device on your local network. Instead we must either temporarily disable all ad-blocking or whitelist just the advertising domains we need. Suppose you are visiting a site and find parts of it appear to be broken. We can quickly identify whether it is the Pi-hole which is breaking it by going to the admin console and selecting “Disable” from the left hand menu.

We see that we have options to disable Pi-hole permanently (i.e. until you turn it back on) or for a specified period of time. This is invaluable for determining the Pi-hole is the issue. If we disable it and the site starts working we know that it was the issue, if the site is still broken we may have another issue and know to look elsewhere. Once we know the cause of the issue we can start to identify which ad services the site is attempting to contact. To do this we go to the “Query Log” section where we can see the requests our Pi-hole has served and what it has blocked.

Here we see our blocked domains marked in red. If we see the same domains appear in red every time we try to access our broken site we can press the “Whitelist” button to add them to the local whitelist. If we later decide we want to block them again we can go to the “Whitelist” section in the navigation menu and delete them again.

Blocking different types of content

If we go in to our settings menu we can see our enabled block lists by going to the “Blocklists” section in the top bar. I have all of the inbuilt lists enabled and have no custom lists.

Let’s now take a look at excerpts from a few of these lists to see their format:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
----------------------------------------------------------------
0.0.0.0 1493361689.rsc.cdn77.org 
0.0.0.0 30-day-change.com 
0.0.0.0 2468.go2cloud.org 
0.0.0.0 adservice.google.nl 

http://sysctl.org/cameleon/hosts
----------------------------------------------------------------
127.0.0.1     0.r.msn.com
127.0.0.1     0.start.bz
127.0.0.1     000dom.revenuedirect.com
127.0.0.1     005.free-counter.co.uk

https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
----------------------------------------------------------------
101com.com
101order.com
123found.com 
140proof.com 

The first two formats will be familiar to anyone who has used hosts file blocking. They respond to DNS queries with either the local address or the wildcard address, preventing access to the real IP address for the domain. The third block list is simply a list of domains we want to block. Pi-hole accepts all of these formats, meaning that it will accept pretty much any text based list we can find online.

So where can we find additional block lists? GitHub is a good place to start and hosts several block lists, primarily for advertising domains but also for different content types. Other good sites hosting block lists for different types of content are Firebog which mainly focuses on advertising, tracking and malware and Blocklist Project which has lists for many different types of content including drugs, gambling, malware, ransomware, torrents, fake news and many others. Lets say we want to block gambling sites, we simply click “More Info” on the gambling section to find the link to the list and copy the link in to our Pi-hole block lists.

We can now click “Save and update” to add this list to the block list and download a copy of the list. If we just click “Save” we’ll need to manually update later to start blocking these domains.

Note that we are not simply pasting a copy of the list in to Pi-hole, we are providing a link to the source. This means that if the list is ever updated Pi-hole will automatically get the changes. By default it updates weekly on a Sunday. If you wish to change this you can edit the schedule in /etc/cron.d/pihole on your Pi-hole.