Menu
What's new
By:
Filters Better Search

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DonnyJohnny said:
By the way, please clear your browser cache to see that helps.
Click to expand...

I was working in a similar vein, even though I had cleared the caches partially. But I have IE and Edge to clear on exit and I'm still seeing the issues...

kvic said:
For people can't see full pic, check if "postimg.cc" is in your blind list.
Click to expand...

Ah...sorry. Here we are talking about site blocking and it didn't even occur to me that this is what you meant.
Is there a preferred/reputable image hoster that is preferred to use for posting to these forums?

kvic said:
About your new issue...DNS based adblock to some extent is playing a Russian roulette really.
...
If one of them doesn't load (doesn't matter hitting 0.0.0.0 or pixelserv-tls), you maybe lucky to get stunted i.e. getting some weird issue. Sounds like you run into this case. For many reasons, I don't want to discuss further since it's regarding this forum's website.

What you can do is open your browser's Web Inspector, and then follow the below guide to figure out what domains to whitelist in your script:
Click to expand...

I think you are onto something here and this has been where I have been focusing.
Let me say that I have *NOT* removed the default whitelist entries from AB/Diversion that are there to support SNB.
I'm not looking at getting around supporting this site - however it does appear perhaps that those entries are not complete.
It does seem that when certain ads get blocked here it is sending the site into a downward spiral eating up GB of RAM.
I'll report some more on this in a bit, but I want to do more tests and ask a few more pointed questions.

BTW - is there a delay on configuring the logging parameter and when it takes effect? I had configured it on my end (tried every level up to 5) and wasn't getting anything. Then, when I was about to mention the issue here a few minutes later I checked back in syslog and events were flowing.

kvic said:
Btw, about your issue on intermediate CA, what's the content of your ca.crt?
Click to expand...

I don't think I have an issue with my intermediate CA. I'm pretty sure I was mistaken/confused when viewing a generated cert directly from the cert file instead of it being served through pixelserv.
My ca.crt contains the certificate both to my intermediate and my root CA. Thus, when it serves the generated certs the chain can be established to my trusted root.
However, if I copy the generated cert and view it directly via Windows (not through pixelserv) it shows it can't be authenticated - likely because the entire cert chain isn't being supplied (and I don't have the intermediate installed on my computer).
I'm pretty sure this is normal behavior and for all intents and purposes it appears my custom certs are working fine.

I will mention one thing I found - it isn't really a problem now that I see what is going on, but I thought I'd mention it to you and others who might be interested:

I had initially generated not only ca.crt, ca.key, and ca.key.passphrase, but I also created a custom signed cert for my bound IP (10.10.10.2). I had created this with several alt_names/SAN so that I could visit the /servstats on the IP as well as my internal/external dns names. But, I couldn't get this certificate to load. After some testing I see that pixelserv is automatically generating certs to it's bound interface for any name I provide. So it will auto generate one for 10.0.0.2, pixelserv (short name), and pixelserv.mydomain.local - all signed by my intermediate installed in ca.crt.
I guess I thought it a little strange that it couldn't use my custom generated cert - but the end result gives me more or less the same functionality. It is a little messier with multiple certs, but since they are dynamically generated and are ok being volatile it's good with me!

Let me gather some more data from my end (and from some more users) and then I might have a few more direct questions for you.

thanks!
 
M@rco said:
As requested:

Screenshot taken again after 5 minutes for comparison.
Click to expand...

M@rco thanks for your help here. I've got some more questions for you (and others who are willing to help me out here please chime in with your data).

1) When you visit SNB forums, do you get a banner ad at the top of your page, like this (highlighted in red):

jlDBARj.png


2) If not, what do you see?

3) What country are you in

4) Are you using another adblock tool in your browser in addition to AB/Diversion/pixelserv on the router?

thanks
 
bengalih said:
I think you are onto something here and this has been where I have been focusing.
Let me say that I have *NOT* removed the default whitelist entries from AB/Diversion that are there to support SNB.
I'm not looking at getting around supporting this site - however it does appear perhaps that those entries are not complete.
It does seem that when certain ads get blocked here it is sending the site into a downward spiral eating up GB of RAM.
I'll report some more on this in a bit, but I want to do more tests and ask a few more pointed questions.
Click to expand...

Personally I'm a minimalist and so I'm using an adblock script less than 200 lines. When I want to support this forum, I access it through a proxy without DNS filtering.

I believe other effort in helping this forum is futile but perhaps you could contribute further with more findings.

BTW - is there a delay on configuring the logging parameter and when it takes effect? I had configured it on my end (tried every level up to 5) and wasn't getting anything. Then, when I was about to mention the issue here a few minutes later I checked back in syslog and events were flowing.
Click to expand...

There is no delay in logging (other than filesystem sync). LEVEL 0 to 5 are verbosity in logging details. 4 shall give you URL requested and POST content etc. 5 is debugging.

I don't think I have an issue with my intermediate CA. I'm pretty sure I was mistaken/confused when viewing a generated cert directly from the cert file instead of it being served through pixelserv.
My ca.crt contains the certificate both to my intermediate and my root CA. Thus, when it serves the generated certs the chain can be established to my trusted root.
Click to expand...

Great that the intermediate CA issue is non-issue. And clarified.

However, if I copy the generated cert and view it directly via Windows (not through pixelserv) it shows it can't be authenticated - likely because the entire cert chain isn't being supplied (and I don't have the intermediate installed on my computer).
I'm pretty sure this is normal behavior and for all intents and purposes it appears my custom certs are working fine.
Click to expand...

It's a waste of disk space to include part or full chain of CA in every generated certificate. Hence, the design decision as you see it now.

I guess I thought it a little strange that it couldn't use my custom generated cert - but the end result gives me more or less the same functionality. It is a little messier with multiple certs, but since they are dynamically generated and are ok being volatile it's good with me!
Click to expand...

Isn't it cool? Users only have to manage the CA cert. However, people like you might want everything to be a bit more manual. Then simply delete ca.crt/ca.key. You could supply your own certs for every domain you have stumbled or will stumble on. In this mode of operation, pixelserv-tls scores A from SSL lab test. :D
 
Hi,
I notice that when pixelserv starts it caches a cert with my pixelserv ip
Code: 
Aug 27 21:14:38 RT-AC68U-4690 pixelserv-tls[4500]: sslctx_tbl_load: 10.10.10.3
i dont understand what this is for .... can anyone enlighten me?
 
kvic said:
Quite a few people have been using the beta report. If you want, I can add you to the list too.
Click to expand...

@kvic, could I be added to the list for the beta report?

TKS.
 
tomsk said:
Hi,
I notice that when pixelserv starts it caches a cert with my pixelserv ip
Code: 
Aug 27 21:14:38 RT-AC68U-4690 pixelserv-tls[4500]: sslctx_tbl_load: 10.10.10.3
i dont understand what this is for .... can anyone enlighten me?
Click to expand...

Two things to be aware of here.

The purpose of cert cache is to speed up pixelserv-tls. It was one feature added in v2.1. Most frequently used certs will be automatically loaded into cache on startup. New certs will get cached throughout the lifetime of pixelserv-tls running up to a default maximum or user specified amount through cmd line option "-C".

Your "pixelserv ip" cert is no different than any other automatic certs. When you access servstats page through through the "pixelserv ip" over HTTPS, it gets generated. It'll also get cached for speed when you access it next time.
 
MasterBash said:
lol... Unfortunately no luck with the amazon app. I use amazon canada. I tried whitelisting everything again and no luck. I even added fls-na.amazon.ca
Website works fine though. Its only the app. Same with my bank's app. The website works fine, but not the app. I will mess around with my bank's app a bit later tonight see if I can do anything about it.
Click to expand...

I have the same problem, did you find a solution for Amazon Canada?
 
Sebastien Bougie said:
I have the same problem, did you find a solution for Amazon Canada?
Click to expand...

Add these entries to your adblock script's whitelist
Code: 
fls-na.amazon.com
fls-eu.amazon.co.uk

Restart dnsmasq on your router. Reboot your client PC or smartphone. Issue should be fixed.
 
kvic said:
Add these entries to your adblock script's whitelist
Code: 
fls-na.amazon.com
fls-eu.amazon.co.uk

Restart dnsmasq on your router. Reboot your client PC or smartphone. Issue should be fixed.
Click to expand...

I will try those tonight and I will let you know, I'm also having the same issues with my Desjardins Mobile apps. if someone have any clue...
 
CTRL+F5 ?
 
Sebastien Bougie said:
Hello,

i'm the http://my pixelserv ip/log=4 but i get a blank screen, I can get my stats from the servstat webpage... This is running on my 3100 Asus router with Merlin 384.7 Alpha 2

Any suggestion?
Click to expand...

The log=4 parameter just sets your logging to 4. It is like an API/POST command...you won't see anything to the screen, but if you look back on /servstat you should see logging is now set to 4. Now in the syslog you should be getting more data from pixelserv. Personally I have seen a delay of a minute or so before the higher logging interval actually takes place and I see events reflected in the log.
 
Sebastien Bougie said:
Hello,

i'm the http://my pixelserv ip/log=4 but i get a blank screen, I can get my stats from the servstat webpage... This is running on my 3100 Asus router with Merlin 384.7 Alpha 2

Any suggestion?
Click to expand...

pixelserv-tls sends any messages to system logger close to realtime. Here on my 56U with 380.66 + syslog-ng (from Entware that replaced firmware's syslog), logs appear immediately.

Since two users saw the same behaviour, I would guess some default behaviour in router firmware might have changed in the past year or two that cause the delay.

Any syslog-ng users see such delay by the way?
 
kvic said:
pixelserv-tls sends any messages to system logger close to realtime. Here on my 56U with 380.66 + syslog-ng (from Entware that replaced firmware's syslog), logs appear immediately.

Since two users saw the same behaviour, I would guess some default behaviour in router firmware might have changed in the past year or two that cause the delay.

Any syslog-ng users see such delay by the way?
Click to expand...
I think his confusion was he thought the would see output to the browser page when sending the log=4 command.
He didn't know to check in syslog. I OTOH was actually not seeing anything out to syslog until a delay. I have reloaded my device since then and will check it again when I have a chance.
 
bengalih said:
I think his confusion was he thought the would see output to the browser page when sending the log=4 command.
He didn't know to check in syslog. I OTOH was actually not seeing anything out to syslog until a delay. I have reloaded my device since then and will check it again when I have a chance.
Click to expand...

Oh :)

I re-read the wiki page. There is indeed no explicit mention of tailing the log file. The author's intention was that people will naturally go to ASUSWRT's GUI and look at Administration > Syslog tab when no alternative is explicitly spelled out.

You shall try syslog-ng btw. Search this forum for the how-to thread.
 
You must log in or register to reply here.

Similar threads

MegaMango
dnsmasq-surrogate for RT-BE88U: Ad Blocking & Security Enhancement
Replies
2
Views
569
MegaMango
MegaMango
L
pixelserv SOLVED - Is PixelServ WebGui script trustworthy at the moment? Redirects to strange website...
Replies
10
Views
4K
gspannu
gspannu
thelonelycoder
Diversion Need help with selecting new set of filter lists / block lists for Diversion 5.0
2
Replies
21
Views
4K
thelonelycoder
thelonelycoder
blacksheep
pixelserv Does "How to best run Pixelserv tls on asuswrt" still apply?
Replies
3
Views
3K
elorimer
E
garycnew
Entware [SOLUTION] Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD
Replies
13
Views
3K
garycnew
garycnew
Similar threads
Thread starter Title Forum Replies Date
C Diversion Pixelserv replacement Asuswrt-Merlin AddOns 2
L Is Diversion better than NextDNS, PiHole or AdGuard Home? Asuswrt-Merlin AddOns 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 888 (members: 18, guests: 870)
Top