What's new

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

By the way, please clear your browser cache to see that helps.

I was working in a similar vein, even though I had cleared the caches partially. But I have IE and Edge to clear on exit and I'm still seeing the issues...

For people can't see full pic, check if "postimg.cc" is in your blind list.

Ah...sorry. Here we are talking about site blocking and it didn't even occur to me that this is what you meant.
Is there a preferred/reputable image hoster that is preferred to use for posting to these forums?

About your new issue...DNS based adblock to some extent is playing a Russian roulette really.
...
If one of them doesn't load (doesn't matter hitting 0.0.0.0 or pixelserv-tls), you maybe lucky to get stunted i.e. getting some weird issue. Sounds like you run into this case. For many reasons, I don't want to discuss further since it's regarding this forum's website.

What you can do is open your browser's Web Inspector, and then follow the below guide to figure out what domains to whitelist in your script:

I think you are onto something here and this has been where I have been focusing.
Let me say that I have *NOT* removed the default whitelist entries from AB/Diversion that are there to support SNB.
I'm not looking at getting around supporting this site - however it does appear perhaps that those entries are not complete.
It does seem that when certain ads get blocked here it is sending the site into a downward spiral eating up GB of RAM.
I'll report some more on this in a bit, but I want to do more tests and ask a few more pointed questions.

BTW - is there a delay on configuring the logging parameter and when it takes effect? I had configured it on my end (tried every level up to 5) and wasn't getting anything. Then, when I was about to mention the issue here a few minutes later I checked back in syslog and events were flowing.

Btw, about your issue on intermediate CA, what's the content of your ca.crt?

I don't think I have an issue with my intermediate CA. I'm pretty sure I was mistaken/confused when viewing a generated cert directly from the cert file instead of it being served through pixelserv.
My ca.crt contains the certificate both to my intermediate and my root CA. Thus, when it serves the generated certs the chain can be established to my trusted root.
However, if I copy the generated cert and view it directly via Windows (not through pixelserv) it shows it can't be authenticated - likely because the entire cert chain isn't being supplied (and I don't have the intermediate installed on my computer).
I'm pretty sure this is normal behavior and for all intents and purposes it appears my custom certs are working fine.

I will mention one thing I found - it isn't really a problem now that I see what is going on, but I thought I'd mention it to you and others who might be interested:

I had initially generated not only ca.crt, ca.key, and ca.key.passphrase, but I also created a custom signed cert for my bound IP (10.10.10.2). I had created this with several alt_names/SAN so that I could visit the /servstats on the IP as well as my internal/external dns names. But, I couldn't get this certificate to load. After some testing I see that pixelserv is automatically generating certs to it's bound interface for any name I provide. So it will auto generate one for 10.0.0.2, pixelserv (short name), and pixelserv.mydomain.local - all signed by my intermediate installed in ca.crt.
I guess I thought it a little strange that it couldn't use my custom generated cert - but the end result gives me more or less the same functionality. It is a little messier with multiple certs, but since they are dynamically generated and are ok being volatile it's good with me!

Let me gather some more data from my end (and from some more users) and then I might have a few more direct questions for you.

thanks!
 
As requested:

Screenshot taken again after 5 minutes for comparison.

M@rco thanks for your help here. I've got some more questions for you (and others who are willing to help me out here please chime in with your data).

1) When you visit SNB forums, do you get a banner ad at the top of your page, like this (highlighted in red):

jlDBARj.png


2) If not, what do you see?

3) What country are you in

4) Are you using another adblock tool in your browser in addition to AB/Diversion/pixelserv on the router?

thanks
 
I think you are onto something here and this has been where I have been focusing.
Let me say that I have *NOT* removed the default whitelist entries from AB/Diversion that are there to support SNB.
I'm not looking at getting around supporting this site - however it does appear perhaps that those entries are not complete.
It does seem that when certain ads get blocked here it is sending the site into a downward spiral eating up GB of RAM.
I'll report some more on this in a bit, but I want to do more tests and ask a few more pointed questions.

Personally I'm a minimalist and so I'm using an adblock script less than 200 lines. When I want to support this forum, I access it through a proxy without DNS filtering.

I believe other effort in helping this forum is futile but perhaps you could contribute further with more findings.

BTW - is there a delay on configuring the logging parameter and when it takes effect? I had configured it on my end (tried every level up to 5) and wasn't getting anything. Then, when I was about to mention the issue here a few minutes later I checked back in syslog and events were flowing.

There is no delay in logging (other than filesystem sync). LEVEL 0 to 5 are verbosity in logging details. 4 shall give you URL requested and POST content etc. 5 is debugging.

I don't think I have an issue with my intermediate CA. I'm pretty sure I was mistaken/confused when viewing a generated cert directly from the cert file instead of it being served through pixelserv.
My ca.crt contains the certificate both to my intermediate and my root CA. Thus, when it serves the generated certs the chain can be established to my trusted root.

Great that the intermediate CA issue is non-issue. And clarified.

However, if I copy the generated cert and view it directly via Windows (not through pixelserv) it shows it can't be authenticated - likely because the entire cert chain isn't being supplied (and I don't have the intermediate installed on my computer).
I'm pretty sure this is normal behavior and for all intents and purposes it appears my custom certs are working fine.

It's a waste of disk space to include part or full chain of CA in every generated certificate. Hence, the design decision as you see it now.

I guess I thought it a little strange that it couldn't use my custom generated cert - but the end result gives me more or less the same functionality. It is a little messier with multiple certs, but since they are dynamically generated and are ok being volatile it's good with me!

Isn't it cool? Users only have to manage the CA cert. However, people like you might want everything to be a bit more manual. Then simply delete ca.crt/ca.key. You could supply your own certs for every domain you have stumbled or will stumble on. In this mode of operation, pixelserv-tls scores A from SSL lab test. :D
 
Hi,
I notice that when pixelserv starts it caches a cert with my pixelserv ip
Code:
Aug 27 21:14:38 RT-AC68U-4690 pixelserv-tls[4500]: sslctx_tbl_load: 10.10.10.3
i dont understand what this is for .... can anyone enlighten me?
 
Quite a few people have been using the beta report. If you want, I can add you to the list too.

@kvic, could I be added to the list for the beta report?

TKS.
 
Hi,
I notice that when pixelserv starts it caches a cert with my pixelserv ip
Code:
Aug 27 21:14:38 RT-AC68U-4690 pixelserv-tls[4500]: sslctx_tbl_load: 10.10.10.3
i dont understand what this is for .... can anyone enlighten me?

Two things to be aware of here.

The purpose of cert cache is to speed up pixelserv-tls. It was one feature added in v2.1. Most frequently used certs will be automatically loaded into cache on startup. New certs will get cached throughout the lifetime of pixelserv-tls running up to a default maximum or user specified amount through cmd line option "-C".

Your "pixelserv ip" cert is no different than any other automatic certs. When you access servstats page through through the "pixelserv ip" over HTTPS, it gets generated. It'll also get cached for speed when you access it next time.
 
lol... Unfortunately no luck with the amazon app. I use amazon canada. I tried whitelisting everything again and no luck. I even added fls-na.amazon.ca
Website works fine though. Its only the app. Same with my bank's app. The website works fine, but not the app. I will mess around with my bank's app a bit later tonight see if I can do anything about it.

I have the same problem, did you find a solution for Amazon Canada?
 
I have the same problem, did you find a solution for Amazon Canada?

Add these entries to your adblock script's whitelist
Code:
fls-na.amazon.com
fls-eu.amazon.co.uk

Restart dnsmasq on your router. Reboot your client PC or smartphone. Issue should be fixed.
 
Add these entries to your adblock script's whitelist
Code:
fls-na.amazon.com
fls-eu.amazon.co.uk

Restart dnsmasq on your router. Reboot your client PC or smartphone. Issue should be fixed.

I will try those tonight and I will let you know, I'm also having the same issues with my Desjardins Mobile apps. if someone have any clue...
 
CTRL+F5 ?
 
Hello,

i'm the http://my pixelserv ip/log=4 but i get a blank screen, I can get my stats from the servstat webpage... This is running on my 3100 Asus router with Merlin 384.7 Alpha 2

Any suggestion?

The log=4 parameter just sets your logging to 4. It is like an API/POST command...you won't see anything to the screen, but if you look back on /servstat you should see logging is now set to 4. Now in the syslog you should be getting more data from pixelserv. Personally I have seen a delay of a minute or so before the higher logging interval actually takes place and I see events reflected in the log.
 
Hello,

i'm the http://my pixelserv ip/log=4 but i get a blank screen, I can get my stats from the servstat webpage... This is running on my 3100 Asus router with Merlin 384.7 Alpha 2

Any suggestion?

pixelserv-tls sends any messages to system logger close to realtime. Here on my 56U with 380.66 + syslog-ng (from Entware that replaced firmware's syslog), logs appear immediately.

Since two users saw the same behaviour, I would guess some default behaviour in router firmware might have changed in the past year or two that cause the delay.

Any syslog-ng users see such delay by the way?
 
pixelserv-tls sends any messages to system logger close to realtime. Here on my 56U with 380.66 + syslog-ng (from Entware that replaced firmware's syslog), logs appear immediately.

Since two users saw the same behaviour, I would guess some default behaviour in router firmware might have changed in the past year or two that cause the delay.

Any syslog-ng users see such delay by the way?
I think his confusion was he thought the would see output to the browser page when sending the log=4 command.
He didn't know to check in syslog. I OTOH was actually not seeing anything out to syslog until a delay. I have reloaded my device since then and will check it again when I have a chance.
 
I think his confusion was he thought the would see output to the browser page when sending the log=4 command.
He didn't know to check in syslog. I OTOH was actually not seeing anything out to syslog until a delay. I have reloaded my device since then and will check it again when I have a chance.

Oh :)

I re-read the wiki page. There is indeed no explicit mention of tailing the log file. The author's intention was that people will naturally go to ASUSWRT's GUI and look at Administration > Syslog tab when no alternative is explicitly spelled out.

You shall try syslog-ng btw. Search this forum for the how-to thread.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top