Jump to content
RESET Forums (homeservershow.com)

Ad Blockers


Recommended Posts

GavinCampbell

I use to be ok with ad's.  I don't mind them trying to make a living off of my views.  However I drew the line when the ads started playing videos and making sounds and being very intrusive.  When I have 30 windows open just trying to find that one ad is a killer.

Link to post
Share on other sites
  • Replies 33
  • Created
  • Last Reply

Top Posters In This Topic

  • Drashna Jaelre

    9

  • Poppapete

    8

  • oj88

    6

  • ikon

    6

Top Posters In This Topic

Popular Posts

Wife's computer, tablet, phone, Your computer, tablet, phone, Son's computer, tablet, phone, Daughter's computer, tablet, phone, Xbox, PS3, PS4, HTPC, server, TV, Baby monitor, router, printer,

Poppapete

I finally found time to blocks about 100 web service application in sophos.  Works well so far.  I figure all it is doing is blocking these in the router before they get to the browser. Don't know if that is a better way than letting ABP do its thing later at the browser level!

Link to post
Share on other sites
Drashna Jaelre

Also using Adblock Plus with Firefox on clients that supports it. I know Untangle also has a specific module using the same adblock engine. I went for the more dirty approach with pfSense.

 

One disadvantage I've seen with pfSense's implementation is that it can't block ads that are using https/SSL. The good news is (if you call it that), it only accounts for a relatively small number of ad domains.

pfSense absolutely allows you to do this, but it's a LOT harder to set up, IIRC.  Any package that uses Squid should do this. 

https://forum.pfsense.org/index.php?topic=72528.0

 

It's the "transparent proxy" stuff. But you also need to have a trusted CA (certificate authority) to resign all of the HTTPS certificates.

That's part of why I love Essentials.... It IS a CA, meaning that any client connected to Essentials will trust that CA, which means you just need to export the certificate into a "linux/OpenSSL compatible format". 

 

However, this is why I really fell in love with Sophos UTM. Not only does it not require a CA certificate (it can just inspect via URL), but if you do want to do the "deep scan"... you just need to export the certificate to the right format and import it into Sophos. Then you can scan HTTPS pages as well.

 

 

 

How timely. I literally just reinstalled ABP. I know ads are necessary, but they've become so bad

that it slows your browsing speed to a glacial pace. 

Exactly.

 

I try to allow the less obtrusive ones and then filter them per site with AdBlock.

This works great and allows me to selectively support the sites I want without killing the speed.

 

Also, blocking the ads at the gateway (router) level means that mobile devices and .... CONSOLES get filtered as well!

No more xbox ad tiles. :P

Link to post
Share on other sites

pfSense absolutely allows you to do this, but it's a LOT harder to set up, IIRC.  Any package that uses Squid should do this. 

https://forum.pfsense.org/index.php?topic=72528.0

 

It's the "transparent proxy" stuff. But you also need to have a trusted CA (certificate authority) to resign all of the HTTPS certificates.

That's part of why I love Essentials.... It IS a CA, meaning that any client connected to Essentials will trust that CA, which means you just need to export the certificate into a "linux/OpenSSL compatible format". 

 

However, this is why I really fell in love with Sophos UTM. Not only does it not require a CA certificate (it can just inspect via URL), but if you do want to do the "deep scan"... you just need to export the certificate to the right format and import it into Sophos. Then you can scan HTTPS pages as well.

I think I saw a different thread that says that ssl/https filtering doesn't work with transparent proxy. I definitely wouldn't want to type in the proxy settings on all devices. Anyway, I think I'll take a look at the link you posted.

 

I would've moved to Sophos a looong time ago if I had fewer than 50 IP addresses.

Link to post
Share on other sites
Drashna Jaelre

I think I saw a different thread that says that ssl/https filtering doesn't work with transparent proxy. I definitely wouldn't want to type in the proxy settings on all devices. Anyway, I think I'll take a look at the link you posted.

 

I would've moved to Sophos a looong time ago if I had fewer than 50 IP addresses.

Transparent proxy should definitely work on pfsense, bit it's going to be a lot more difficult to setup. Also, there is supposed to be some sort of option to push the proxy configuration to clients....

 

 

As for the 50 IP addresses... touche. And yeah, that's Sophos' biggest downfall (at least for high end homes)

Link to post
Share on other sites
GavinCampbell

Just saw this morning that uBlock finally released a beta of their client for firefox.  uBlock is being praised as a very lightweight alternative to adblock which should work just as well as they use similar lists for blocking.  It was only on chrome.  I'm going to give it a shot.

 

http://lifehacker.com/ublock-the-memory-friendly-ad-blocker-is-now-availabl-1681818949

Link to post
Share on other sites

As for the 50 IP addresses... touche. And yeah, that's Sophos' biggest downfall (at least for high end homes)

 

Hey, when it was pure Astaro it was only 15 IPs.

Link to post
Share on other sites

Wife's computer, tablet, phone,

Your computer, tablet, phone,

Son's computer, tablet, phone,

Daughter's computer, tablet, phone,

Xbox, PS3, PS4,

HTPC, server, TV,

Baby monitor, router, printer,

2 to 8 surveillance cameras,

NVR, 2 wireless APs.

 

That's up to 32 already. More children means even more IPs. More than 1 printer. A second, or third TV. Set Top Boxes. It's not hard these days to get up to 50.

  • Like 1
Link to post
Share on other sites
Drashna Jaelre

Also, a trick here.... If you use the wireless router as ... well a router (don't disable the NAT/WAN port), it is treated as one IP address. 

It may make things more difficult... but for phones, and tablets it may be fine.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...