It works on personal blockpage for me. Indeed blockpage for adblocking is not a good idea (only enabled for malware)
Cloudflare Gateway Free Plan
- Thread starter rashmi
- Start date
Yes, the block page (with Cloudflare certificate) is informational for website blocking but not beneficial for ad blocking. The websites look messier with the block page replacing empty blocks (ads removed) in the absence of an ad-blocking extension.
That was a good suggestion. I removed all the INFO text and replaced it with different icons for different tasks. I probably overdid it with emojis nowI downloaded your repo and uploaded to mine. So I'm not affected by the change. Will have to download again, thanks!
Btw you can also change INFO text in log withemoji. It might look a bit better in logs.
You're right. When I just copy a site name from the Hagezi filter, I see a nice block page,
but if I add https in the link, then you're right, I see the certificate error.
mrrfv's script also enables block page for his adblocking script, btw. Did you have any issue with it? I didn't enable it till now because it's easier for me to check on my PC and router's DNS logs to look for 0.0.0.0 to identify what has been blocked. Also, 0.0.0.0 has the advantage of dropping the connection almost instantly.
I'll revert this change. Thanks.
Not for me; it's perfect! Anything that would put less characters in a line is a plus for me. I often visit logs from a mobile device and it's terrible experience because everything goes into second line so it's hard to keep track of entries. Takes me a good amount of time to find I what I was looking for.I probably overdid it with emojis now
That's why I suggested swapping INFO text with emoji. Emojis are easy to distinguish so I could immediately find what I'm looking for.
Last edited:
Can you effectively allow a particular domain, which is blocked by another block rule (by content category, ect.)?
Absolutely!
Just create a new firewall policy (I call mine Allowlist) -> Selector:
Domain -> Operator: in -> Value: example.com -> Action:Allow, then save the policy. Blocked domain should become unblocked immediately.Note: the policy that allows blocked domains needs to be first in order on the policy list otherwise it won't work.
Last edited:
Thanks. I did id, but instead "in" I previously used "is", and with "is" the rule did not work.
@Andy Ful
Have you enabled both new and newly seen categories. I am turning my head around to understand the difference you report on half our old phishing blocks and my results. Even when I include not confirmed phishes Cloudflare + Google safe browsing occasionaly miss only 1 when I test the last 10 (newest entries).
Because I have different explainer rule per policy I am dead sure the feeds (of lower priority) sporadically block something.
Have you enabled both new and newly seen categories. I am turning my head around to understand the difference you report on half our old phishing blocks and my results. Even when I include not confirmed phishes Cloudflare + Google safe browsing occasionaly miss only 1 when I test the last 10 (newest entries).
Because I have different explainer rule per policy I am dead sure the feeds (of lower priority) sporadically block something.
He meant on categories new domains and newly seen domains. You can find it under content categories.
Yes.
I’ve been reading through this thread and the ten pages of script discussions, and I have to ask a serious question about the practicality of this setup for a home network. While the power of Cloudflare Gateway is undeniably impressive for a free tier, the requirement to run API scripts to bypass UI limits, manage GitHub Actions, and install Root Certificates on every device just to avoid HTTPS errors feels like we are building a "glass cannon." My main concern is the "Bus Factor" (or "Spouse Factor"), if I set this up using AI-generated scripts to handle the API and something changes on Cloudflare’s end, like a schema update or rate limit, my internet doesn't just stop blocking ads, it potentially stops working entirely. If I'm not home to troubleshoot the specific script failure or expired certificate, nobody else in the house can fix it, leaving the network dead in the water.
I’m curious to hear from those deep in this ecosystem, what actually happens when you misconfigure this setup? Does it "fail open" (allowing ads through) or "fail closed" (killing internet access)? For intermediate users who want the benefits of "Hagezi Pro" blocking without taking on a second job as a SysAdmin, is there a consensus on "set and forget" alternatives like NextDNS or ControlD that don't require this level of scripting? I'm trying to weigh the technical "cool factor" against long-term reliability and would love to know if the maintenance overhead has actually been worth it for your daily drivers. Is this something you would recommend for your grandparents or other average users in your life?
I’m curious to hear from those deep in this ecosystem, what actually happens when you misconfigure this setup? Does it "fail open" (allowing ads through) or "fail closed" (killing internet access)? For intermediate users who want the benefits of "Hagezi Pro" blocking without taking on a second job as a SysAdmin, is there a consensus on "set and forget" alternatives like NextDNS or ControlD that don't require this level of scripting? I'm trying to weigh the technical "cool factor" against long-term reliability and would love to know if the maintenance overhead has actually been worth it for your daily drivers. Is this something you would recommend for your grandparents or other average users in your life?
Last edited:
If you add multiple domains under one selector then "in". If you put one domain per selector then "is".Thanks. I did id, but instead "in" I previously used "is", and with "is" the rule did not work.
I didn't want to say this, and I've been mostly respectful to everyone in this forum.
But I need to ask you to stop being a "smartass" on every thread and every topic. Only few of us are using Cloudflare Zero Trust at the moment in this forum and it's been working great at the moment. We wouldn't be using if it wasn't. Also, we are not telling anyone, "Come and join us", Other DNS are sh**t".
It was @rashmi who first made me aware that Cloudflare Zero Trust can be used for free. So, I got curious and started to try it myself, learned that GitHub actions can be configured to add filters like Hagezi Multi Pro++ and auto-update them. Seeing our convo @Marko :) got curious too and he started to try as well. Then @LinuxFan58 who's not using GitHub action as far as I know. He has his own setup. A couple of other members probably have also. Now @Andy Ful has been playing and testing it as well. So, we are all testing, learning and using it. There is nothing wrong about anything. No one is preaching anything.
I have used NextDNS on and off since it was in beta. It was also the DNS for my family. Then also used AdGuard DNS for the family because it has some features that NextDNS didn't or was outdated. Now after using only on my PC and phone for a while I realized that Cloudflare Zero Trust can be perfectly fine for the family as well. I haven't had to do anything special to maintain it. It is "Set & Forget" for me and others who are using it.
We are not telling anyone to stop using other DNS and jump on the bandwagon. To random people on social media or people I know more or less in real life, I suggest AdGuard Public DNS. To a couple of very close friend of mine, I suggested ControlD with Hagezi Pro++ while also told them to save the address of AdGuard Public DNS as a backup if ControlD stops working. I will never suggest Cloudflare Zero Trust to this people. We are not stupid.
If zero trust stops working, we will switch to other DNS providers. You don't have to worry about it. Also, to update the filters GitHub action is not needed. I can run the script locally on my PC, can run it on Termux from my phone. GitHub simply makes it easy to auto-update. Those who don't need filters like Hagezi don't even have to touch any script.
So yeah, stop trying to start an argument on every thread for the sake of it. Share your knowledge if it's worth sharing but don't make a scene everywhere.
A couple of days ago, a friend of the forum sent me a link to one of your comments in his thread and making fun of you by calling you, "The professor in all subjects". I laughed, he laughed but this is not comedy. Don't try to be a guy that people start making fun of.
@SeriousHoax
I am only using the Zero Trust portal at the moment.
only two parts of the user interface are relevant when using it as DNS filter only:
1. Insights > Logs > DNS (to see what is blocked)
2. Traffic policies > Firewall Policies > for adding and editing policies
It is harder to find your way through GUI (because of the many professional options) than to set and forget the Zero Trust firewall policies in its most basic form.
I am only using the Zero Trust portal at the moment.
only two parts of the user interface are relevant when using it as DNS filter only:1. Insights > Logs > DNS (to see what is blocked)
2. Traffic policies > Firewall Policies > for adding and editing policies
It is harder to find your way through GUI (because of the many professional options) than to set and forget the Zero Trust firewall policies in its most basic form.
Okay, only difference is I block everything from resolved country IP from Belarus, Russia, China, North Korea, Iran and TOR-network. and this oneYes.
Also this policy blocks a lot (e.g. latest from Phishtank at the moment)
In my extension testing Symantec also did best followed by Avira and Osprey (Osprey work great with only AlphaMountain WebProtection enabled)
Last edited:
Yes, this is true.
However, the @Divergent's post was not disrespectful but rather sceptical.
I have not explored external scripts so far. So it might be interesting to briefly discuss the Divergent's objections about scripts.
No need, you can read about his objections in this thread (everything before your post "back to topic"Yes, this is true.
However, the @Divergent's post was not disrespectful but rather sceptical.
I have not explored external scripts so far. So it might be interesting to briefly discuss the Divergent's objections about scripts.
)I got a ban in that thread because I confessed to one of the mods it was to much fun and to easy to get him going as a professor holding a chair at the University of all.
Last edited:
This is not a popular contest for me so I could care less what you or your friend thinks. Misleading average users such as the case of the other thread is my concern.
No need, you can read about his objections in this threas (everything before your post "back on topic"
The pros & cons of using external scripts have not clarified yet.
You may also like...
-
Need guidance and advice from those knowledgeable about ad blocking
- Started by rashmi
- Replies: 55
-
Google Cloud and Cloudflare hit by widespread service outages- Started by Gandalf_The_Grey
- Replies: 22
-
