pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[Nullity]

Is there a quick way to temporarily disable blocking for a certain site?

This is the primary reason I run blockers on clients.

 

[XIII]

Pixelserv doesn't know about the "http connect" tunnel method hence the response. I guess that is a method for a real proxy server? If you ask for <pixelserv.ip>:8080/anything.gif you will get the null pixel, same for png, swf etc

Indeed. Thank you for confirming.

I guess I have some investigation/reading to do before further experiments...

 

[mstombs]

Is there a quick way to temporarily disable blocking for a certain site?

This is the primary reason I run blockers on clients.

pixelserv doesn't know about original web sites, it only gets whatever is re-directed by the adblocking method, running adblockplus in compatible browser always going to be better. Personally I use a vpn to bypass the router altogether if there's a site I need to get do but broken by adblocking.

 

[Nullity]

pixelserv doesn't know about original web sites, it only gets whatever is re-directed by the adblocking method, running adblockplus in compatible browser always going to be better. Personally I use a vpn to bypass the router altogether if there's a site I need to get do but broken by adblocking.

The pixelserv HTTP(S) server gets no "Host:" header?

 

[mstombs]

I guess it does get the host: line in http/1.1 header, but current http handling code doesn't even parse the info.
The https ssl bit of course knows the intended site name for the secure connection establishment, but doesn't have a whitelist or know how to forward to true IP.

To whitelist individual sites really down to your adblock script which configures dnsmasq, but a change to config and restart of dnsmasq quite disruptive to other users of router I suspect.

 

[kvic]

i upgrade yesterday merlin firmware from 380.59 alpha 1 to 380.59 beta1.....then i do factory reset and lost https certificate to my router.....is there an option to save certificate and use it for future upgrade of firmware?

One way to achieve what you want was already mentioned a few posts before you asked

Here is a direct link for lazy people: http://www.snbforums.com/threads/pi...ebserver-for-adblock.26114/page-9#post-252339

 

[kvic]

Thank you for creating this!

I would like to use this (manually, without Entware) in combination with an automatic HTTP-Proxy (proxy.pac file) on my iOS devices.

1) So far all my attempts failed until I used my external (ISP) IP address (or the *.asuscomm.com DDNS address) instead of my internal (192.168.x.y) IP address as the first pixelserv parameter. Is it supposed to work like this? (Did I not understand correctly by trying a local address?)

This shall work as long as your http-proxy is properly setup on your router or a discrete server on your LAN. Need not run pixelserv on WAN IP.

As a side note, I use VPN for the same purpose. The overhead in VPN is offset extremely well by data saved from blocked ad/trackers.

 

[XIII]

This shall work as long as your http-proxy is properly setup on your router or a discrete server on your LAN. Need not run pixelserv on WAN IP.

Unfortunately I plan to use a proxy.pac file (that does the filtering) on the iOS devices themselves, also outside of my home.

 

[kvic]

Unfortunately I plan to use a proxy.pac file (that does the filtering) on the iOS devices themselves, also outside of my home.

proxy.pac shall be tiny in size and simple in its logics. Using it like some sort of hosts file is a very bad idea IMO...

On iOS proxy.pac is retrieved repeatedly more frequent than people ever thought. I would bet similar on Android. So if you have a 1 MiB of proxy.pac, much bandwidth is wasted on getting this file.

As long as the http proxy on your LAN, it'll benefit from a DNS based adblock strategy. Personally I prefer VPN back to my LAN 'cos it additionally protects traffic over non-secure networks such as public wifi.

 

[XIII]

The proxy.pac file I use is 20K. I was under the impression this file is cached and only loaded (again) when you switch WiFi networks. Did I get this wrong?

Outside of my home I do use a VPN, but a commercial one (with OpenVPN on my router as a fallback), since I have a cable connection whose upload speed is only 10% of the download speed (but that upload speed would be the download speed when using my own VPN).

My main idea was to install the proxy.pac file on some iOS devices of family members not living in my house. I would like to use the DIRECT command for normal traffic and only reroute ads to my router to block them. This is based on the way Weblock works, but using my router instead of abusing Google's DNS servers. In fact, pixelserv already does that (since I "abuse" that in a similar way), but I would like to take it 1 step further by returning transparent images instead of a 5xx error code.

 

[kvic]

but I would like to take it 1 step further by returning transparent images instead of a 5xx error code.

Do you have Squid3 or another http proxy running on your router? If so, you shall get "one pixel" responses..

 

[XIII]

No, but I was planning to look into Privoxy.

I will add Squid3 to my list. Thank you!

 

[XIII]

Kind of got it working with the noproxy script from John Loverso after installing xinetd via Entware.

However, I prefer a setup without a USB stick (so without Entware?), but I'm not sure how to achieve that.

Anyway, I'm definitely off-topic now. Sorry! (I will start a new thread if I continue this "quest")

 

[mstombs]

That script is an ancient version of pixelserv written in bash, does it work by just ignoring the "CONNECT" method? The original perl pixelserv used a version of inetd to handle the sockets, and there was once a C version that would would emulate this - for dd-wrt folk. Not very relevant to this thread - I don't see any https ssl tls code!

 

[XIII]

That script is an ancient version of pixelserv written in bash, does it work by just ignoring the "CONNECT" method? The original perl pixelserv used a version of inetd to handle the sockets, and there was once a C version that would would emulate this - for dd-wrt folk. Not very relevant to this thread - I don't see any https ssl tls code!

Yes, you're right.

 

[majnu]

I need something to replace AB Solution but this seems incredibly difficult to understand.

 

[mstombs]

pixelserv is an addition to adblock scripts, not a replacement. It just creates a target for sites blocked by dns poisoning rather than using the client PC itsel via 127.0.0.1 or 0.0.0.0. The original intention was to provide small blank gifs which allow web pages to collapse white space that were intended for image ads - but few ads are now served like that - so pixelserv just tries to handshake with the browser shutting down connection attempts as quickly as possible. Most ads are now served by the browser making secure https connections - pixelserv-tls now handles these correctly if browser told to accept its certificate. I have not seen a problem with devices that do not accept the certificate - it seems pixelserv-tls still avoids timeouts and retries.

 

[kvic]

I need something to replace AB Solution but this seems incredibly difficult to understand.

Maybe start with ublockr and its installation guide which works with pixelserv

 

[elorimer]

Maybe start with ublockr and its installation guide which works with pixelserv

I am betwixt AB Solution and ublockr. With AB Solution it is pretty clear what lists you are pulling from, and you can change how extensive they are. With ublockr you don't have any idea what you are pulling from. I like the cleaner look pixelserv ends up with and found ublockr an easy way to get it running. But I didn't like ublockr running every night and writing to jffs (although I think that is changed). So I've used AB Solution to create the list, edited it to replace the 0.0.0.0 with the router's ip address, and put the result where ublockr expects it. It works on my N66 but on my AC87 I still get the broken icon so I think I've done something wrong. Also, I don't think I'm handling the https part right.

Just a long winded explanation that I'm my own worst enemy and would benefit from a walkthrough for ublockr that was as clear as AB Solution.

 

[jrmwvu04]

I am betwixt AB Solution and ublockr. With AB Solution it is pretty clear what lists you are pulling from, and you can change how extensive they are. With ublockr you don't have any idea what you are pulling from. I like the cleaner look pixelserv ends up with and found ublockr an easy way to get it running. But I didn't like ublockr running every night and writing to jffs (although I think that is changed). So I've used AB Solution to create the list, edited it to replace the 0.0.0.0 with the router's ip address, and put the result where ublockr expects it. It works on my N66 but on my AC87 I still get the broken icon so I think I've done something wrong. Also, I don't think I'm handling the https part right.

Just a long winded explanation that I'm my own worst enemy and would benefit from a walkthrough for ublockr that was as clear as AB Solution.

Blocking addresses with dnsmasq and pixelserv are two separate things. The way you explained it seems a little.. complicated, I guess.

It's basically these elements: A script to put together a blocklist and save it to a file in the right format, dnsmasq.conf.add in /jffs/config that points to that blocklist file, and pixelserv.

I run pixelserv-tls with no config options, so it listens on the default ports of 80 and 443, and installed it from Entware which was incredibly easy. I moved the web gui off of port 80 to make that simpler. I wrote my own script based on what has been around for a number of years, going back to my linksys wrt54gl days. That's pretty much all there is to it.

Which part or parts is the trouble? Are you using a usb disk? What firmware version? Are you comfortable with the command line?