Why does uBlock block requests to all domains when using a proxy server?
I have Firefox installed with uBlock and FoxyProxy extensions for managing proxy servers. When the proxy is disabled, sites load normally. However, when switching to any proxy server, uBlock starts blocking all requests to domains other than the main domain of the site (including subdomains). If I disable uBlock, sites work correctly even through the proxy. How can I configure uBlock to work properly with proxy servers, or is this a more complex problem that requires other solutions?
uBlock blocks all requests to domains when using a proxy server due to a conflict between the extension’s DNS API and proxy settings. This occurs due to the “CNAME uncloaking” feature (cnameUncloak) which was added in uBlock Origin 1.25 and is only available in Firefox. To resolve the issue, you need to disable this feature or properly configure the interaction between uBlock and proxy extensions.
Contents
- Problem Cause
- Configuring uBlock to Work with Proxy
- Alternative Solutions
- Step-by-Step Instructions
- Testing and Verification
Problem Cause
The main reason for blocking all domains when using a proxy server is related to the specific operation of the DNS API in uBlock Origin. As explained in research, starting from version 1.25, uBlock Origin uses a Firefox-specific DNS API to block “cloaked” first-party trackers.
Important: This feature allows uBlock to detect and block requests to third-party domains that are disguised as subdomains of the main site through CNAME records. However, when using a proxy server, a conflict occurs in DNS request processing.
The problem manifests in that when a proxy is enabled (especially through an extension like FoxyProxy), uBlock continues to send DNS requests through system settings rather than through the proxy, which leads to:
- Discovery of real IP addresses instead of proxy addresses
- Traffic routing conflicts
- Blocking of legitimate requests
Configuring uBlock to Work with Proxy
To solve the problem, there are several approaches to configuring uBlock Origin:
1. Disabling the CNAME Uncloaking Feature
The most effective way is to disable the cnameUncloak function in uBlock settings:
- Open uBlock Origin settings
- Go to the “Advanced” or “Advanced user mode” tab
- Find the
cnameUncloakparameter and set it tofalse
As noted in one source, this setting specifically helps avoid DNS leaks when using a proxy.
2. Configuring DNS over HTTPS
In Firefox settings, you can change DNS over HTTPS parameters:
- Go to
about:preferences#privacy - In the “Network Protection” section, change DNS over HTTPS settings to “Off” or “High Protection”
- In “Connection Settings” change “Use system proxy settings” to “No proxy”
3. Synchronizing Proxy Settings
Ensure that proxy settings are consistent between Firefox and extensions:
- In FoxyProxy, check that “Send DNS through SOCKS5 proxy” is enabled
- In uBlock, ensure there are no conflicting filtering rules
Alternative Solutions
If basic settings don’t help, let’s consider additional options:
Using Alternative Blocking Methods
-
Disabling Dynamic Filtering
- Enable “advanced user mode” in uBlock
- Disable dynamic filtering for proxy connections
-
Manual Filter Configuration
- Create a whitelist for important domains
- Use “My Rules” instead of “My Filters” for blocking rules
Extension Replacement
In extreme cases, consider:
- Using other ad blockers that work better with proxies
- Combining uBlock with other tools for proxy management
Step-by-Step Instructions
Here’s a detailed instruction for solving the problem:
- Disable uBlock Origin during configuration
- Open uBlock settings (extension icon > Settings)
- Go to Advanced user mode (if not enabled)
- Find the cnameUncloak parameter in settings and set it to
false - Restart the browser
- Check proxy operation with uBlock disabled
- Enable uBlock and verify correct operation
If the problem persists:
- Open about:config in Firefox
- Find the parameter
network.proxy.socks_remote_dns - Set the value to
true - Restart Firefox
Testing and Verification
After configuration, you need to check:
DNS Leak Testing
- Use services like dnsleaktest.com
- Compare results with uBlock enabled and disabled
- Ensure that IP address is not exposed when using a proxy
Functional Testing
- Load sites through proxy with uBlock enabled
- Check loading of subdomains and external resources
- Ensure that ads are blocked while legitimate content loads
Traffic Monitoring
- Use developer tools in Firefox
- Check network requests in the “Network” tab
- Ensure that legitimate requests are not being blocked
Sources
- GitHub Issue - uBlock Origin v1.25.0 new feature cause DNS leaks
- VPN Reviewer - uBlock Origin Firefox add-on causing DNS leaks
- Bleeping Computer - uBlock Origin 1.25 blocks cloaked first-party scripts
- Mozilla Support - Firefox and uBlock Origin
- GitHub - uBlock supports DNS leak with DOH and proxy
- FoxyProxy issue with uBlock and SOCKS5
Conclusion
The problem of uBlock blocking all domains when using a proxy server is a known issue related to the interaction between the extension’s DNS API and Firefox proxy settings. The main solutions include:
- Disabling the cnameUncloak feature in uBlock settings - this is the most effective method
- Proper configuration of DNS over HTTPS and proxy in Firefox
- Synchronization of settings between uBlock and proxy extensions
If basic settings don’t help, you can consider using alternative blocking methods or temporarily disabling some uBlock features. It’s important to regularly check settings and test functionality after making changes to ensure both security and functionality simultaneously.
For additional information, always refer to the official uBlock Origin documentation and the project’s GitHub repository, where similar issues are discussed and solutions are provided.