pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[kvic]

how can i create or get this HTTPD self-signed cert?

In Google Chrome, browse to https://router.asus.com:8443 (or https://192.168.200.1:8443 in your case).

Once the page is fully loaded, click on the padlock on the address bar. You'll see a pop-up showing you the cert. Drag the cert icon on this pop-up, and drop it on the desktop. Now you get the crt file.

 

[bayern1975]

my statistics of runing pixelserv-tls in one day and six hours.....

 

[kvic]

@bayern1975 You shall let @ryzhov_al and @zyxmon know that their package runs smooth and well..

 

[bayern1975]

i have to stop using this pixelserv-tls....I have a problem with certificate after each reboot router or computer.....all of the above possible solutions do not work....

 

[kvic]

i have to stop using this pixelserv-tls....I have a problem with certificate after each reboot router or computer.....all of the above possible solutions do not work....

I don't want to ask about your problem

Do you know the way out to uninstall..?

 

[thelonelycoder]

I don't want to ask about your problem

Do you know the way out to uninstall..?

But I would be interested what the problem is, for science reasons...

 

[bayern1975]

But I would be interested what the problem is, for science reasons...

this is the reason....if i reboot router or computer i got everytime message from kaspersky for self-signed certificate....

i have installed certificate in right place and seems to be valid....

 

[kvic]

this is the reason....if i reboot router or computer i got everytime message from kaspersky for self-signed certificate....

What certificate is this? Is that HTTPD cert?

Click "View Certificate", show the detail pls..

 

[bayern1975]

What certificate is this? Is that HTTPD cert?

Click "View Certificate", show the detail pls..

 

[kvic]

This is indeed the router's certificate for HTTPD.

The firmware generates a new certificate on every reboot if you've chosen HTTPS.

Silly default if you ask me.

There is a way to tell router to generate a certificate once for all and re-use on reboots. I think this has been raised multiple times on the forum. Anyway, here are the steps:

nvram set https_crt_save=1
nvram commit

reboot

This will generate a new certificate for HTTPD and save it in NVRAM that'll survive reboots.

After that browse to WebUI. Import the new certificate into both Windows (follow the steps of importing ca.crt) and Firefox if you're using FF.

Also

If Kaspersky still not happy, you can disable this kind of pop-up. The steps are in the second link of post #139.

 

[bayern1975]

This is indeed the router's certificate for HTTPD.

The firmware generates a new certificate on every reboot if you've chosen HTTPS.

Silly default if you ask me.

There is a way to tell router to generate a certificate once for all and re-use on reboots. I think this has been raised multiple times on the forum. Anyway, here are the steps:

nvram set https_crt_save=1
nvram commit

reboot

This will generate a new certificate for HTTPD and save it in NVRAM that'll survive reboots.

After that browse to WebUI. Import the new certificate into both Windows (follow the steps of importing ca.crt) and Firefox if you're using FF.

maybe will this help me....i done this, import certificate to windows and firefox....then reboot computer and router and kaspersky didn`t ask me again for self-signed cert....i will more testing....what about when i upgrade the firmware? then i lost this setting?

nvram set https_crt_save=1

 

[bayern1975]

another question? Ab-Solution from @thelonelycoder updating once a week and then replaced my router IP to 0.0.0.0 in adblock file? is there any solution to stay my settings there?

 

[RMerlin]

Kaspersky is one annoying piece of software. Lots of customers who used it ran into all kind of issue, as that software tries to insert itself into virtually everywhere in the OS, and raises alarms for all kind of totally inoffensive events.

Half of the time, my customer get fed up and simply move to a different less invasive software.

 

[mstombs]

another question? Ab-Solution from @thelonelycoder updating once a week and then replaced my router IP to 0.0.0.0 in adblock file? is there any solution to stay my settings there?

@thelonelycoder has many code references to 0.0.0.0, you need to ask for the redirect IP to be made a configurable variable, this sed command for example changes 127.0.0.1 to 0.0.0.0

cat \$dir/temp1 | sed 's/127.0.0.1/0.0.0.0/g;s/\r$//' |...

https://github.com/decoderman/AB-Solution/blob/master/ab-solution.sh#L593

 

[bayern1975]

@thelonelycoder has many code references to 0.0.0.0, you need to ask for the redirect IP to be made a configurable variable, this sed command for example changes 127.0.0.1 to 0.0.0.0

cat \$dir/temp1 | sed 's/127.0.0.1/0.0.0.0/g;s/\r$//' |...

https://github.com/decoderman/AB-Solution/blob/master/ab-solution.sh#L593

so, if i configured like this then will script add entries to my router IP 192.168.200.1.....or i need to do something else?

Code:

cat \$dir/temp1 | sed 's/127.0.0.1/192.168.200.1/g;s/\r$//' |...

 

[mstombs]

so, if i configured like this then will script add entries to my router IP 192.168.200.1.....or i need to do something else?

Code:

cat \$dir/temp1 | sed 's/127.0.0.1/192.168.200.1/g;s/\r$//' |...

Sorry I haven't analyzed the script in detail, might be be easier to just add it once just before the new conf file is used, there are many uses of 0.0.0.0. I do things more manually, just have a simple script to grab the pgl.yoyo domain block list

#!/bin/sh
CNF=/mnt/usb4gb/adblock.conf
WHL=/mnt/usb4gb/whitelist
ADS="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext"
AIP="192.168.66.254" # changes 127.0.0.1 to this globally
wget -O - "$ADS"|sed "s/127.0.0.1/$AIP/" | grep -Fvf $WHL >$CNF

I also have to admit I am not currently using this tls version, but have caught a lot of ad attempts recently, and most are ssl, must get round to it!:-

/mnt/usb4gb/pixelserv version: V35.HZ13 compiled: Oct 6 2015 22:34:24 options: 192.168.66.254 -p 80 -p 81 -p 8080 -p 8081 -p 443 -o 2
1760701 uts, 2051023 req, 2006 avg, 26934 rmx, 2264 tav, 4587 tmx, 0 err, 7059 tmo, 2982 cls, 0 nou, 0 pth, 3688 nfe, 203 ufe, 244 gif, 0 bad, 7304 txt, 18 jpg, 6 png, 2 swf, 2 ico, 2027069 ssl, 4 sta, 0 stt, 0 204, 1869 rdr, 573 pst, 0 hed

 

[kvic]

@mstombs

I bet something wrong with your pixelserv. A bug perhaps.

Cannot be over 98% of your 2 million ad requests are HTTPS...!

 

[mstombs]

Well I am still using the HunterZ Tomato version, which uses a very simple detection mechanism that I found
https://github.com/HunterZ/pixelserv/blob/master/socket_handler.c#L485
I know this version may record 2 or 3 requests per https ad, because the browser repeats with different security options, i suspect some device has been stuck in a loop... time to upgrade to the tls version with better logging and/or get tcpdump working...

 

[swetoast]

Pixelserv-TLS got included into Entware recently so its installable from there.

 

[jrmwvu04]

I decided to finally set up the tls version last night since it was included in the Entware repository. There's also a package for easyrsa. Getting it set up was a little different from the guide in the OP but it was close enough that I was able to figure it out. Very pleased with it so far.