pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[SMS786]

Just out of curiosity...would https connection requests on clients without the Pixelserv CA certificate installed be registered under the "# of dropped HTTPS requests (client disconnect without sending any request)" category?

 

[pattiri]

and here is mine test 3 running with no problem for 11 hours.

 

[kvic]

Just out of curiosity...would https connection requests on clients without the Pixelserv CA certificate installed be registered under the "# of dropped HTTPS requests (client disconnect without sending any request)" category?

We cannot rule out there are genuine clients behaving like that. For example, during rapid browsing, you switch to a new page (or close the page) while the previous page is still being loaded.

Given that said, you're right that a majority of counts, if not all, registered under slc shall belong to clients without Pixelserv CA cert imported.

Note that such counts for HTTPS are also registered under cls. But such counts for HTTP only register in cls not slc.

 

[kvic]

and here is mine test 3 running with no problem for 11 hours.

View attachment 12221

Thanks. Note that in both @Makaveli and your cases, near 90% (slc/req) of ad requests are HTTPS. But seems both of you don't have the CA cert imported in your main browsing devices (like desktop or phone). That's perfectly fine.

Though with the CA cert imported, you might notice a smoother browsing experience, especially on desktop with ad heavy sites such as CNN, Foxnews and Daily Mail..

Perhaps consider spending sometime over the weekend to go through this guide Import ca.crt into clients.

 

[SMS786]

We cannot rule out there are genuine clients behaving like that. For example, during rapid browsing, you switch to a new page (or close the page) while the previous page is still being loaded.

Given that said, you're right that a majority of counts, if not all, registered under slc shall belong to clients without Pixelserv CA cert imported.

Note that such counts for HTTPS are also registered under cls. But such counts for HTTP only register in cls not slc.

Great to know, thanks. Installing the ps certs on all the fam's devices is still a work in progress

 

[Raphie]

After 17h

slh    1205    # of accepted HTTPS requests
slm    122    # of rejected HTTPS requests (missing certificate)
sle    0    # of rejected HTTPS requests (certificate available but bad)
slc    565    # of dropped HTTPS requests (client disconnect without sending any request)
slu    690    # of dropped HTTPS requests (unknown error)
sct    69    ssl cache: # of cached cert
sch    1777    ssl cache: # of cache hit
scm    191    ssl cache: # of cache miss
scp    0    ssl cache: # of purge to free up slots

 

[pattiri]

Thanks. Note that in both @Makaveli and your cases, near 90% (slc/req) of ad requests are HTTPS. But seems both of you don't have the CA cert imported in your main browsing devices (like desktop or phone). That's perfectly fine.

Though with the CA cert imported, you might notice a smoother browsing experience, especially on desktop with ad heavy sites such as CNN, Foxnews and Daily Mail..

Perhaps consider spending sometime over the weekend to go through this guide Import ca.crt into clients.

well, both my PC and phone are high end devices. on my desktop firefox can use up to 4 gb of ram but still everything is smooth. I'm not sure if this is related but I've imported CA cert to both. Thank you for the advise and the good work

 

[jrmwvu04]

In chronological order of additions into pixelserv-tls, we have

• cache certificates on disk (~2.5 yrs ago; initial version)
• cache connections as persistent connections (~3 mths ago; v2.0)
• cache certs and TLS sessions in the latest ssl cache

It is easy to forget how far the responsiveness has come, let alone the utility. Was not so long ago that it was quite different, with response times in the 100s of ms.

Great to know, thanks. Installing the ps certs on all the fam's devices is still a work in progress

If you don’t import certs, you’re forfeiting a lot of the benefits of pixelserv-tls. Also those warning notifications will get tedious not only for yourself, but also for any less tech savvy users who may be on your WiFi. Trust me. It is a bit of a pain, but the payoff is worth it.

Also, it causes people to hastily dismiss browser security warnings which while might be beyond your control, is something you don’t want to contribute to.

 

[thelonelycoder]

AB-Solution 3.11.2 is now available
Use cu to update to this latest version.

What's new in version 3.11.2
Compatibility updates due to upcoming pixelserv-tls v2.1.x changes.
- AB-Solution UI now shows the currently installed version. For pixelserv-tls v35.HZ12.Kk and older the version is shown as "likely v.Kk"
- Updating or upgrading Entware packages through the AB UI only restarts pixelserv-tls if a newer version has been installed
- Version compatibility changes due to an upcoming pixelserv-tls version numbering change
- Added support for pixelserv-tls -c and -A switch (version 2.1.x and higher only)

 

[jrmwvu04]

AB-Solution 3.11.2 is now available

Not that I mind, but it seems as though you might be in the wrong spot.

Edit: perhaps not. carry on, friend.

 

[thelonelycoder]

Not that I mind, but it seems as though you might be in the wrong spot.

These updates are all because of upcoming pixelserv-tls changes.
My post targets the audience with AB installed and are likely to browse this thread.

 

[thelonelycoder]

Edit: perhaps not. carry on, friend.

No problem. I appreciate your thorough testing and reporting here. And your keen eye!

 

[jrmwvu04]

These updates are all because of upcoming pixelserv-tls changes.
My post targets the audience with AB installed and are likely to browse this thread.

I pieced it together after I saw the post was already in the AB thread. While you're here, what is the apparent use case for the new -A switch? Options are good, of course, but why would this need to be changed?

 

[thelonelycoder]

While you're here, what is the apparent use case for the new -A switch? Options are good, of course, but why would this need to be changed?

To obscure the ps stats for others. It was requested by a semi-commercial user of pixelserv-tls for his installation.
Since the switch is there and could also be useful for users of AB I added it. See the GitHub thread or the ps website for more info.

 

[Raphie]

Thank you @thelonelycoder appreciate all the hard work!

 

[kvic]

I pieced it together after I saw the post was already in the AB thread. While you're here, what is the apparent use case for the new -A switch? Options are good, of course, but why would this need to be changed?

Option '-A' is actually already in Km-test.3. Likely won't be needed for a small LAN or by most users at home. When I thought about it, might not be a bad idea. For example, someone with a smart kid who decides to spank his dad's router by turning on "/log=5" with "http://listen ip/log=5." This is going to swamp most home router's syslog and eventually a crash.

With '-A', users can apply firewall rules on what IPs and etc are allowed to access "/log" and "/servstats" and future commands that I might dream up. I mentioned this feature on my blog with Km-test.3 and also has a ticket #5 on GitHub.

I mentioned this user's project before in this thread as well as on Wiki. His project is open for public use. I'm actually not sure if the project is of commercial nature or any sort. I didn't ask for details either.

 

[kvic]

New beta version Km-test.4 aka v2.1.0-test.4

Thanks again for all the testing on the prior versions.

This version includes a few new features, notably prefetch ssl cache from disk and save part of ssl cache to disk on exit. All automatic. Once users are familiar with it, can customise the list for prefetch as initial condition.

And added a disk benchmark option '-B'. Pls reead the details on my blog for a demo. Also new is log LEVEL 3 to see what's prefetch into and possibly purged from ssl cache.

For details in this test version and the upcoming v2.1.0 release, pls read the latest on kazoo.ga/pixelserv-tls.

Entware (ARMv7, mipsel, ARMv8) users can use the one liner below as usual or otherwise to install.

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

Will appreciate any feedback.

 

[Raphie]

Installed, will let you know.

 

[Protik]

New beta version Km-test.4 aka v2.1.0-test.4

Thanks again for all the testing on the prior versions.

This version includes a few new features, notably prefetch ssl cache from disk and save part of ssl cache to disk on exit. All automatic. Once users are familiar with it, can customise the list for prefetch as initial condition.

And added a disk benchmark option '-B'. Pls reead the details on my blog for a demo. Also new is log LEVEL 3 to see what's prefetch into and possibly purged from ssl cache.

For details in this test version and the upcoming v2.1.0 release, pls read the latest on kazoo.ga/pixelserv-tls.

Entware (ARMv7, mipsel, ARMv8) users can use the one liner below as usual or otherwise to install.

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

Will appreciate any feedback.

Installed and working perfectly. I am loving the prefetch ssl cache option. That would make everything much faster! The ssl cache restores the cache without any issues so far. Will let you know of any development.

 

[jrmwvu04]

With '-A', users can apply firewall rules on what IPs and etc are allowed to access "/log" and "/servstats" and future commands that I might dream up.

Makes sense. I never thought about it that way.

New beta version Km-test.4 aka v2.1.0-test.4

Away we go...