Adblock support thread

Does pixelserv-tls also work for https-ads without display of an error in the browser?
No problem to block facebook, for example, because of HSTS/pinned certs?

Exactly. The ad becomes collapsed space on well-designed webpages, or is shown as empty space if pages have hard-coded space for ads.

pixelserv-tls supports HSTS as well as CORS. Haven't run into issues with Facebook.

Instagram, for example, quietly uploads data to graph.instagram.com (a commonly blocked domain). The app disconnects and attempts a few times in such a case. You can configure pixelserv-tls to capture these events to syslog when they occur. The app continues to work. The downside is, in such a case, you won't be able to inspect what data Instagram attempts to upload to the blocked domain.

I did something similar to pixelserv myself in the past, on openwrt. The problem, however, was https, as the browser (esp. Chrome) always complained about a cert error when trying to fetch the 1-pixel file instead of the real ad. AFAIK, the only possibility to avoid this error display would have been to install a special cert on the client.
For your solution to work with https without error, is it required to install a cert on the client?

@kvic @reinerotto please open a new thread for pixelserv discussions - thanks!

Makes sense. You know how to open a new topic and move existing posts over there?

@dibdot Sorry for the digression on pixelserv-tls in this thread.

To all, I've created a new thread and let's discuss there: Pixelserv-tls for Adblock

For moving messages, I believe we need forum moderators' assistance. Since only a few posts, perhaps we could leave as-is for now.

Adblock features can very well be improved to stand unique in the market.

Is it possible to use adblock with transparent tor? Tor has 192.168.2.1:9053 as DNS server and adblock is only working on 192.168.1.1:53. Any ideas?

While running adblock with wget backend:

Mon Apr 15 23:51:11 2019 user.debug adblock-3.6.5[31329]: f_main   ::: name: adaway, url: https://adaway.org/hosts.txt, rc: 1, log: /usr/bin/wget: unrecognized option: no-cache Usage: /usr/bin/wget [options] <URL> Options:  -4                             Use IPv4 only    -6                              Use IPv6 only   -q                              Turn off status messages       -O <file>                        Redirect output to file (use "-" for stdout)    -P <dir>                        Set directory for output files  --user=<user>                   HTTP authentication username    --password=<password>           HTTP authentication password    --user-agent|-U <str>           Set HTTP user agent     --post-data=STRING              use the POST method; send STRING as the data    --spider|-s                     Spider mode - only check file existence         --timeout=N|-T N       Set connect/request timeout to N seconds         --proxy=on|off|-Y on|off        Enable/disable env var configured proxy  HTTPS options:         --ca-certificate=<cert>         Load CA certificates from file <cert>   --no-check-certificate          don't validate the server's certificate

While running adblock with uclient-fetch backend with libustream-wolfssl20150806 library:

Mon Apr 15 23:49:06 2019 user.debug adblock-3.6.5[30883]: f_main   ::: name: adaway, url: https://adaway.org/hosts.txt, rc: 4, log: Downloading 'https://adaway.org/hosts.txt' Connecting to 2606:4700:30::6818:6859:443 Connection error: Connection failed

Both result in overall_domains : 0.

[UPD] Use libustream-openssl20150806. It works then.

@secondfry
What OpenWRT version? Seems like you might have wget that doesn't support no-cache option.
When you're using ufetch it tries to use ipv6 for some reason, do you have an ipv6 internet connection?

Version info: Powered by LuCI Master (git-19.022.57088-61b9f7a) / OpenWrt SNAPSHOT r9133-e906a75
Yes, I do have IPv6.

please post the output of wget --version

Just enable adblock (first option on the adblock frontpage in LuCI under Services => Adblock) and click on Save & Apply. After a short period you should see something like that:

adblock_runtime

Two things to consider: adblock will never catch all advertisements, as it's DNS based and relies on the external blocklists, rather than being able to parse the actual HTML structure and apply context-sensitive heuristics (and neither of those is perfect). The other thing is the size of your (enabled) blocklist: ~4000 blocked hosts is just a drop in the ocean (I'm around 20'000, with a limited selection of enabled blocklists, which is far from blocking everything as well, but it does block the most annoying stuff that bothers me (auto-playing sounds/videos, hover-over ads, etc.)).

The default list setup is based on low memory/weak routers ... personally I've enabled the following sources:

adaway, adguard, bitcoin, disconnect, ransomware, whocares, winspy, yoyo, zeus plus a static/personal blacklist (in sum round 30k blocked domains)

I have 764K adblock entries on my R7800 but it is noticeably slower than an external Pi-Hole with 3.1M entries on a Banana Pro (DNS cache set to 0 in OpenWrt).

Most probably the connected clients don't use your adblock enabled dns server for resolving. Repeat the following nslookup tests on your router and on a connected client, you should receive something like that:

local output on your router:

root@blackhole:~# nslookup example.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find example.com: NXDOMAIN
** server can't find example.com: NXDOMAIN

local output on a connected client:

root@t480s:/home/dirk# nslookup example.com
Server:		192.168.1.254
Address:	192.168.1.254#53

** server can't find example.com: NXDOMAIN

The second test should always return the ip address of your gateway/router/dns resolver ... if not, your clients are using a different one ...

Huge blocklists (about 1Mio. entries) to be managed on backend server, similar to openDNS.
This is what I did in a commercial project, for "Parental Control".
Or as private alternative to openDNS, for public (free) hotspot systems.

Hi,

I'm getting a lot of log entries, is this normal? Also why twice in the same minute?

logread | grep "more local addresses"
Sun May  5 20:30:42 2019 daemon.info dnsmasq[12181]: using 74099 more local addresses
Sun May  5 20:31:21 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:35:42 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:35:43 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:40:43 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:40:44 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:45:44 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:45:45 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:50:45 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:50:46 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:55:46 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:55:47 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:00:47 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:00:48 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:05:48 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:05:49 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:10:49 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:10:50 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:15:50 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:15:51 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:20:51 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:20:52 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:25:52 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:25:53 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:30:53 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:30:54 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:35:54 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:35:55 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:40:55 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:40:56 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:45:56 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:45:57 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:50:57 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:50:58 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:55:58 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 21:55:59 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:00:59 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:01:00 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:06:00 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:06:01 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:11:01 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:11:02 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 22:16:02 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses

No, it's part of the normal dnsmasq startup ... check the (logread) context to figure out why dnsmasq gets restarted every 5 minutes, maybe an out of memory condition or something like that!?
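
One way to check the logread context for the question above, as an added example that is not part of the original posts: the script counts the "more local addresses" events, groups events a few seconds apart into bursts, and reports how many distinct dnsmasq PIDs logged them. The function name, the `BURST_SECS` knob and `sample_log` are assumptions made here; the sample lines are the first eight log lines posted in the thread.

```shell
#!/bin/sh
# Added example: summarise dnsmasq "more local addresses" events from logread.
# Assumes the logread layout shown in the thread:
#   Sun May  5 20:30:42 2019 daemon.info dnsmasq[12181]: using 74099 more local addresses
# BURST_SECS (hypothetical knob): events this close together count as one burst.
BURST_SECS=5

dnsmasq_reload_summary() {
    awk -v burst="$BURST_SECS" '
    / dnsmasq\[[0-9]+\]: using [0-9]+ more local addresses/ {
        split($4, t, ":")
        # Day-of-month keeps gaps right across midnight (not across months).
        now = $3 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        pid = $7; gsub(/[^0-9]/, "", pid)
        if (!(pid in seen)) { seen[pid] = 1; pids++ }
        events++
        if (events == 1 || now - last > burst) {
            if (bursts > 0) {
                # Gap between the start of this burst and the previous one.
                gap = now - start
                if (min == "" || gap < min) min = gap
                if (gap > max) max = gap
            }
            start = now; bursts++
        }
        last = now
    }
    END {
        printf "events=%d pids=%d bursts=%d min_gap=%d max_gap=%d\n",
               events, pids, bursts, min, max
    }'
}

# Sample input: the first eight log lines posted in the thread.
sample_log() {
    cat <<'EOF'
Sun May  5 20:30:42 2019 daemon.info dnsmasq[12181]: using 74099 more local addresses
Sun May  5 20:31:21 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:35:42 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:35:43 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:40:43 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:40:44 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:45:44 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
Sun May  5 20:45:45 2019 daemon.info dnsmasq[12181]: using 74120 more local addresses
EOF
}

sample_log | dnsmasq_reload_summary
```

On the router, feed it live data with `logread | dnsmasq_reload_summary`. A restarted process normally comes back with a different PID, so the `pids` count shows whether one dnsmasq process or several logged the events.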