AB-Solution - The Ad Blocking Solution

[mannp]

In the AB sub menu, use es and set the three Dnsmasq settings as follows:
1500
5
on
See if that helps.

Thanks.

It didn't change anything unfortunately, the same resolve to NXDOMAIN.

 

[Artanis]

--2017-08-06 21:33:52-- (try:20) http://192.168.1.3/servstats.txt
Connecting to 192.168.1.3:80... failed: Connection timed out.
Giving up.

So that's where the issue lies. Thanks a lot for your help btw. I really appreciate it!

hi
i have same problem with you
ps doesnt work
failed to connect serverstats
how you fix this thanks

 

[thelonelycoder]

hi
i have same problem with you
ps doesnt work
failed to connect serverstats
how you fix this thanks

This could be some firewal rule blocking access to it.

 

[Laonifaron]

This could be some firewal rule blocking access to it.

A firewall rule? How can this be fixed? I have no firewall running anywhere.

edit:

When I put this into chrome:
http://192.168.1.3:80/servstats.txt

It shows me the stats, even though the wget in terminal fails? So it's like the router can't access itself but my pc can???

 

[Artanis]

This could be some firewal rule blocking access to it.

before latest update i can use ps normally
i dont change any config on my KIS
do you know how to fix this?
i use KIS
thanks

 

[thelonelycoder]

before latest update i can use ps normally
i dont change any config on my KIS
do you know how to fix this?
i use KIS
thanks

KIS?
What exact firmware are you all running that prevents wget to a local IP?

 

[Laonifaron]

KIS?
What exact firmware are you all running that prevents wget to a local IP?

Latest merlin stable

 

[nokaah]

A firewall rule? How can this be fixed? I have no firewall running anywhere.

edit:

When I put this into chrome:
http://192.168.1.3:80/servstats.txt

It shows me the stats, even though the wget in terminal fails? So it's like the router can't access itself but my pc can???

Your router by default have a firewall (iptables) enabled.
Have you enabled access restrictions under www.asusrouter.com/Advanced_System_Content.asp (Option: Allow only specified IP address)? If so, try adding your pixelserv ipaddress here.
Or, in terminal (won't survive a reboot or reload of firewall):

iptables -I  ACCESS_RESTRICTION -s 192.168.1.3/32 -p tcp -m multiport --dports 80 -j ACCEPT

 

[Artanis]

Your router by default have a firewall (iptables) enabled.
Have you enabled access restrictions under www.asusrouter.com/Advanced_System_Content.asp (Option: Allow only specified IP address)? If so, try adding your pixelserv ipaddress here.
Or, in terminal (won't survive a reboot or reload of firewall):

iptables -I  ACCESS_RESTRICTION -s 192.168.1.3/32 -p tcp -m multiport --dports 80 -j ACCEPT

oh thanks
(Option: Allow only specified IP address)? If so, try adding your pixelserv ipaddress here.
adding ps ip address fixed
thanks you very much

 

[Laonifaron]

Your router by default have a firewall (iptables) enabled.
Have you enabled access restrictions under www.asusrouter.com/Advanced_System_Content.asp (Option: Allow only specified IP address)? If so, try adding your pixelserv ipaddress here.
Or, in terminal (won't survive a reboot or reload of firewall):

iptables -I  ACCESS_RESTRICTION -s 192.168.1.3/32 -p tcp -m multiport --dports 80 -j ACCEPT

Well, damn. You were right. I did only allow specified IP adresses. I just disabled that and now it works...

The thing is: I've always had that setting enabled. Merlin must have changed something in his last build that caused that change. Seemingly the setting wasn't actually applied before that. Either way, thanks a lot.

 

[thelonelycoder]

Well, damn. You were right. I did only allow specified IP adresses. I just disabled that and now it works...

The thing is: I've always had that setting enabled. Merlin must have changed something in his last build that caused that change. Seemingly the setting wasn't actually applied before that. Either way, thanks a lot.

I guess that means another check will arrive soon in that script.

 

[thelonelycoder]

AB-Solution 3.9.1 is now available, use cu to update.
ab-solution.sh, functions.add and pixelserv-tls.add

Support added for access restrictions in 380.66 and later, set in:
Administration > System / Allow only specified IP address.
This allows AB-Solution to do the pixelserv-tls tests during installation and start-up.
The LTS fork by @john9527 is not affected by these Asus changes.

This change auto-adds the necessary access restriction rule when installing pixelserv-tls when Access restriction is enabled.

 

[Makaveli]

AB-Solution 3.9.1 is now available, use cu to update.
ab-solution.sh, functions.add and pixelserv-tls.add

Support added for access restrictions in 380.66 and later, set in:
Administration > System / Allow only specified IP address.
This allows AB-Solution to do the pixelserv-tls tests during installation and start-up.
The LTS fork by @john9527 is not affected by these Asus changes.

This change auto-adds the necessary access restriction rule when installing pixelserv-tls when Access restriction is enabled.

Just upgraded no issues.

Thank you sir.

 

[WillyTP]

Hello everybody!
I need some advice regarding ab-solution and pixelserv.

I installed Ab-Solution on my RT-AC68U, with blocking hosts choice n.2 from the installer, and afterwards I installed pixelserv.
"All ok", ad blocking works.

However, in some websites (for example on google.it/shopping , I make a search, I click on a choosen product to reach the destination website / seller page)
my browser returns the following error:
Il gestore di www.googleadservices.com ha configurato il sito in modo non corretto. Per evitare potenziali furti di informazioni Firefox ha interrotto la connessione.
"Questo sito utilizza il protocollo HSTS (HTTP Strict Transport Security) per garantire che la connessione con Firefox avvenga esclusivamente in modo sicuro. Per questo motivo non è possibile aggiungere un’eccezione per questo certificato." (message is in Italian, however I believe you understand the meaning)

Instead, if I disable Pixelserv, landing page looks like this:
"Impossibile contattare il server
Firefox non riesce a contattare il server www.googleadservices.com."

Could somebody tell me "why" the certificate error in the first case?
Moreover, why with some "classic" ad-blocking software (like AdBlock Plus) I get just banner removed, while with Ab-Solution I'm not able to browse websites anymore?

The only solution (in this specific case for example) is to remove www.googleadservices.com from the black list?

Thanks for support!

 

[thelonelycoder]

Hello everybody!
I need some advice regarding ab-solution and pixelserv.

I installed Ab-Solution on my RT-AC68U, with blocking hosts choice n.2 from the installer, and afterwards I installed pixelserv.
"All ok", ad blocking works.

However, in some websites (for example on google.it/shopping , I make a search, I click on a choosen product to reach the destination website / seller page)
my browser returns the following error:
Il gestore di www.googleadservices.com ha configurato il sito in modo non corretto. Per evitare potenziali furti di informazioni Firefox ha interrotto la connessione.
"Questo sito utilizza il protocollo HSTS (HTTP Strict Transport Security) per garantire che la connessione con Firefox avvenga esclusivamente in modo sicuro. Per questo motivo non è possibile aggiungere un’eccezione per questo certificato." (message is in Italian, however I believe you understand the meaning)

Instead, if I disable Pixelserv, landing page looks like this:
"Impossibile contattare il server
Firefox non riesce a contattare il server www.googleadservices.com."

Could somebody tell me "why" the certificate error in the first case?
Moreover, why with some "classic" ad-blocking software (like AdBlock Plus) I get just banner removed, while with Ab-Solution I'm not able to browse websites anymore?

The only solution (in this specific case for example) is to remove www.googleadservices.com from the black list?

Thanks for support!

When you experience these errors there is only one way to get around it:
You need to install/add the pixelserv-tls certificate into the browser you are using.
Depending on what browser you are using the procedure differs but usually you click on the padlock icon in the URL bar and then select to add the certificate.

 

[MarCoMLXXV]

Depending on what browser you are using the procedure differs but usually you click on the padlock icon in the URL bar and then select to add the certificate.

I've always had the same issue, especially when clicking on Google Shopping or Google (promoted) search results. However, I never found a way to solve it, so most of the time I just manually type the url of the site suggested and search there for whatever I'm looking for. I'm mostly using Chromium or Chrome on Linux and when I get the Google Adservices error, there´s no padlock in the address bar but a red exclamation mark. When I click it, I have no option to import a certificate. It shows info on why the page isn't secure and links to a help document of Google, along with some other site-related info (cookies and stuff).

So I downloaded the pixelserv-tls ca certificate from the router and imported it through settings > advanced > security and privacy > manage certificates and imported it on the authorities tab. Now when I reload the page or restart Chromium, the error is gone, but a blank page is shown instead.

So somehow, by importing the pixelserv-tls certificate, it fixes Chromium complaining about an unsafe certificate, but the redirect stops working, resulting in a blank page. Any ideas how to fix this (if possible)? Or am I doing it the wrong way?

 

[thelonelycoder]

I've always had the same issue, especially when clicking on Google Shopping or Google (promoted) search results. However, I never found a way to solve it, so most of the time I just manually type the url of the site suggested and search there for whatever I'm looking for. I'm mostly using Chromium or Chrome on Linux and when I get the Google Adservices error, there´s no padlock in the address bar but a red exclamation mark. When I click it, I have no option to import a certificate. It shows info on why the page isn't secure and links to a help document of Google, along with some other site-related info (cookies and stuff).

So I downloaded the pixelserv-tls ca certificate from the router and imported it through settings > advanced > security and privacy > manage certificates and imported it on the authorities tab. Now when I reload the page or restart Chromium, the error is gone, but a blank page is shown instead.

So somehow, by importing the pixelserv-tls certificate, it fixes Chromium complaining about an unsafe certificate, but the redirect stops working, resulting in a blank page. Any ideas how to fix this (if possible)? Or am I doing it the wrong way?

In Firefox, I have this old addon "Google search link fix" that removes the affiliate links from Google pages.
This will likely be obsolete with one of the coming Firefox updates where only Web extensions addons are allowed.
On iOS I simply scroll down a little further to the direct link, if I ever have to do that.
Not much I or the dev's of pixelserv-tls can do about it.

Since we all want secure and untraceable web usage, and we should, this is more and more enforced by the browsers to only trust trusted certificates.
Stupidity by users led the browser developers to remove the simple ability to add self-signed certificates to the trusted chain.
Even we power users are left out with this good trend.

What needs to be possible is to have a valid certificate for non-web accessible resources such as the pixelserv-tls and a router WebUI over https.
If ever, this will be solved in another life or is available right now in a parallel Universe nearby. Or some sleight of hand by kvic or @mstombs in this life.

I have given up on trying to do it with my limited understanding and knowledge to get it to work in a way that is reasonably secure and doable.
I'm calling on my parallel Universe thelonelycoder in his free flowing work lab to help us out and send a fix through the nearest wormhole.

 

[MarCoMLXXV]

I'm calling on my parallel Universe thelonelycoder in his free flowing work lab to help us out and send a fix through the nearest wormhole.

As soon as the wormhole opens and your parallel brother in arms hands you a fix, let me know. I'm sure many others are looking forward to a solution as well. In the meantime I'll check out the Chrome extension catalog, as I recall seeing something called similar to what you mentioned and see if that makes a difference.

 

[thelonelycoder]

So somehow, by importing the pixelserv-tls certificate, it fixes Chromium complaining about an unsafe certificate, but the redirect stops working, resulting in a blank page. Any ideas how to fix this (if possible)? Or am I doing it the wrong way?

This redirect page could be blocked in the blacklist/blocking file/firewall rule.
Pay close attention through what hops that link gets resolved.

 

[MarCoMLXXV]

Fixed, at least for Google (sponsored) search results in Chrome and Chromium:
Just install this extension: https://chrome.google.com/webstore/...fix/cekfddagaicikmgoheekchngpadahmlf?hl=en-US and the search result will no longer be a redirect through Googles Adservices, but instead link directly to the page shown in the search result.

This redirect page could be blocked in the blacklist/blocking file/firewall rule.
Pay close attention through what hops that link gets resolved.

Thanks, will definitely keep that in mind. Fortunately, the extension above prohibits Google (for now) from altering it's own search results for a free tour around Googles data farm, before showing you the results you were actually expecting to see.