Menu
What's new
By:
Filters Better Search

Diversion https ads being allowed

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

SomeWhereOverTheRainBow said:
This could also be an issue specific to iOS and their policies for handling certificates (specifically pixelserv-tls uses user made certificates.).
Click to expand...
Right. I imported it into my Mac but haven’t into my phone yet. I saw it wasn’t required but I guess could help. I saw that you can do this for the router also..is that recommended?
 
SomeWhereOverTheRainBow said:
You should be doing fine. The https traffic you see being returned for the "blocked" domains should be pixelservtls responding with its pixel obviously it would be as if you did not see an ad appearance wise because where the ad would have been you would have a tiny pixel. Any non https should be blocked as A.

With pixelserv tls disabled , and Diversion lite, your https will just time out, and you would see blank ad space where the ad normally would be, but fails to load.
Click to expand...
So https according to the Logs should show blocked if it’s an ad? Mine is showing blocked for A record and then shows allowed for the same url over https.
 
Ellenswamy said:
So https according to the Logs should show blocked if it’s an ad? Mine is showing blocked for A record and then shows allowed for the same url over https.
Click to expand...
Okay can you be more specific? are you able to see this ad you are observing in an actual browser at the same time you are observing it being allowed in the logs?
 
SomeWhereOverTheRainBow said:
Okay can you be more specific? are you able to see this ad you are observing in an actual browser at the same time you are observing it being allowed in the logs?
Click to expand...
Ok so now it seems to be acting as expected. I reinstalled diversion yesterday and also changed Merlin to force doh to yes. I wonder if that was part of the issue, was set to auto before.

since my % blocked went from about 1.5% to almost 14%
 
Ellenswamy said:
Ok so now it seems to be acting as expected. I reinstalled diversion yesterday and also changed Merlin to force doh to yes. I wonder if that was part of the issue, was set to auto before.

since my % blocked went from about 1.5% to almost 14%
Click to expand...
I noticed a similar behavior one time, but I wasn't able to replicate it later on so I assumed it went away. Maybe it could be an issue with auto at the firmware level. @RMerlin would have to look into that. I am not going to pretend to know what goes on in those lines of code in the firmware. I notice on my router settings I have mine set to yes as well.
 
Ellenswamy said:
So https according to the Logs should show blocked if it’s an ad? Mine is showing blocked for A record and then shows allowed for the same url over https.
Click to expand...
I had this issue before that DNS query type 65 (https) is not blocked. I could not recall for what reason I removed tls certificate from my device. Anyway, I manage to use iptables to blanket block all DNS query type 65. You may give it a try.

www.snbforums.com

Diversion - Seeing Ads (Mobile/Tablets)

It actually blocks the character 65, so it also blocks dns queries with a total length of 65 lol. It seems better to create custom firmware using the source below. https://github.com/rozahp/dnsmasq Like others I found a few normal query blocked due to this as well. I tested by manually adding...
www.snbforums.com www.snbforums.com
 
chongnt said:
I had this issue before that DNS query type 65 (https) is not blocked. I could not recall for what reason I removed tls certificate from my device. Anyway, I manage to use iptables to blanket block all DNS query type 65. You may give it a try.

www.snbforums.com

Diversion - Seeing Ads (Mobile/Tablets)

It actually blocks the character 65, so it also blocks dns queries with a total length of 65 lol. It seems better to create custom firmware using the source below. https://github.com/rozahp/dnsmasq Like others I found a few normal query blocked due to this as well. I tested by manually adding...
www.snbforums.com www.snbforums.com
Click to expand...
I am confused at how to run this, still a newb lol. Also any downsides?
 
Ellenswamy said:
I am confused at how to run this, still a newb lol. Also any downsides?
Click to expand...
You can apply it in ssh. It blocks all DNS query type 65, so such request will not even reach diversion. I don’t face any downside. You can run the unblock commands to remove it or a reboot will clear it.
 
chongnt said:
You can apply it in ssh. It blocks all DNS query type 65, so such request will not even reach diversion. I don’t face any downside. You can run the unblock commands to remove it or a reboot will clear it.
Click to expand...
Ah ok. So after a reboot you will have to reapply
 
You must log in or register to reply here.

Similar threads

M
Diversion Diversion 5.3 Dnsmasq log file location
Replies
2
Views
384
EmeraldDeer
EmeraldDeer
R
Would any of this make my browsing more secure? (WAN DNS settings)
2
Replies
20
Views
3K
aru
aru
B
IPv6 and NextDNS Configuration Assistance Request
Replies
19
Views
978
easyriider
easyriider
B
Unbound unbound/WAN settings
2
Replies
31
Views
3K
aru
aru
L
Diversion Diversion not blocking so many ads - help!
2
Replies
26
Views
3K
thelonelycoder
thelonelycoder
Similar threads
Thread starter Title Forum Replies Date
Y Diversion Diversion Not Blocking Ads Asuswrt-Merlin AddOns 9
L Diversion Diversion not blocking so many ads - help! Asuswrt-Merlin AddOns 26

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 604 (members: 22, guests: 582)
Top