ublockr - a minimalists approach to adblocking

[elorimer]

1. Do you mean to be writing a large file nightly to /jffs? Wouldn't be better to go on the USB stick?
2. I almost have this working, except that the /jffs/filters/ files are null I've gotta work on that.

N66

 

[tijaune]

Another alternative maybe to install ca-certificates from Entware-ng.

I think that will have certificates properly validated without using that CLI option.

I just realized I added --no-check-certificate everywhere to ublockr for debug since last friday. I still need them to run since there are numerous wget to https://gitlab.com for list retrieval and they got certificate error.

I guess the opkg install ca-certificates is only for Entware-ng site certificate?

 

[kvic]

I just realized I added --no-check-certificate everywhere to ublockr for debug since last friday. I still need them to run since there are numerous wget to https://gitlab.com for list retrieval and they got certificate error.

I guess the opkg install ca-certificates is only for Entware-ng site certificate?

The package contains many Root CAs. You can check under /opt/etc/ssl/certs.

Haven't checked other links but https://about.gitlab.com works for me without --no-check-certificates. Their cert is issued by COMODO in Manchester. See if you have these:

/opt/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
/opt/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
/opt/etc/ssl/certs/COMODO_Certification_Authority.crt

 

[RMerlin]

The problem is that openssl's default location for the CA is the same that Asuswrt uses for its httpd certificate. I need to come up with a simple solution, but so far I haven't found one that satisfied me.

curl doesn't have that issue because curl can be compiled with a specific location for the CA - so I compile it pointing at the CA bundle I've put under /rom/ .

 

[kvic]

Ah, maybe @tijaune is using the wget shipped with the firmware

Worth checking which wget people have (in SSH, type which wget). Entware-NG has its own wget package. I think only Entware's version (/opt/bin/wget) works with ca-certificates package.

@swetoast You might want to make it clear in your script/instructions...

 

[swetoast]

@kvic changed

if [ -z "$(opkg list-installed | grep wget)" ]; then opkg install wget; fi

@elorimer path is setable at line 14 to where ever you want it to be

path=/jffs/filters/adblock

also added notes on OP for how to config ublockr

 

[tijaune]

kudos, indeed it was the wget. My local ublockr is now exact as on the repository

 

[bilboSNB]

Am I right in assuming this installs pixelserv?

When I try to access speedtest.net I get redirected to this address: http://us-u.openx.net/ which brings me to my routers login page. Why would that be?

 

[swetoast]

gonna make a whitelist so please make a list of domains that you know that are safe as soon as the flu that i got has passed

added one domain to whitelist already just need to make a whitelist filter

 

[swetoast]

added a functional whitelist with the new version so just add the domains to the whitelist.filter in your path

the default whitelist if none is present includes one domain live.login.com since it for some reason shows up

also if OPKG is not detected it exits with an error message

 

[swetoast]

@bilboSNB cause its in the blacklist that domain appears to be included if you wish to whitelist it download the latest version of ublockr and add that domain to whitelist.filter

just add it as on the next line

live.login.com
us-u.openx.net

 

[swetoast]

ublockr uses cfg file for settings gets less messy for new users see OP for information

 

[swetoast]

did you try the command separately instead of using the install script ?

and does your setup use entware along with a usb stick mounted at /opt

wget https://gitlab.com/spitfire-project/ublockr/raw/master/ublockr -O /opt/bin/ublockr --no-check-certificate
wget https://gitlab.com/spitfire-project/ublockr/raw/master/ublockr.cfg -O /opt/etc/ublockr.cfg --no-check-certificate
chmod +x /opt/bin/ublockr
echo "cru a ublockr "0 0 * * * /opt/bin/ublockr" >> /jffs/scripts/services-start

no problem running that here no idea how your setup if have it correctly setup with entware and usb etc but i suggest you head to the wiki and read up on how to use entware.

/opt/home/admin # sh test
--2016-04-27 14:53:45--  https://gitlab.com/spitfire-project/ublockr/raw/master/ublockr
Resolving gitlab.com... 104.210.2.228
Connecting to gitlab.com|104.210.2.228|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4827 (4.7K) [text/plain]
Saving to: '/opt/bin/ublockr'

/opt/bin/ublockr                      100%[========================================================================>]   4.71K  --.-KB/s    in 0s     

2016-04-27 14:53:46 (40.7 MB/s) - '/opt/bin/ublockr' saved [4827/4827]

--2016-04-27 14:53:46--  https://gitlab.com/spitfire-project/ublockr/raw/master/ublockr.cfg
Resolving gitlab.com... 104.210.2.228
Connecting to gitlab.com|104.210.2.228|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 502 [text/plain]
Saving to: '/opt/etc/ublockr.cfg'

/opt/etc/ublockr.cfg                  100%[========================================================================>]     502  --.-KB/s    in 0s     

2016-04-27 14:53:48 (7.29 MB/s) - '/opt/etc/ublockr.cfg' saved [502/502]

 

[swetoast]

Do you have a services-start script at jffs ? again i refer you too the WIKI please read what your actually doing to your router before doing it

https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts

please start another thread on this cause i dont want to support basic features inside the firmware only ublockr

 

[swetoast]

you can add that domain to the whitelist filter will also add it to the default list in future installations.

 

[Veldkornet]

you can add that domain to the whitelist filter will also add it to the default list in future installations.

Thanks, I saw that after I posted

Once added to the whitelist, do I need to restart anything or should things just start working?


Sent from my  iPhone using Tapatalk

 

[swetoast]

run ublockr from shell once and it will remove all spotify from its hosts

 

[Veldkornet]

run ublockr from shell once and it will remove all spotify from its hosts

Cool, and do I need to put all the subdomains?

Or can I just say *.spotify.com


Sent from my  iPhone using Tapatalk

 

[swetoast]

spotify.com is better it doesnt do well with wildcards

 

[Veldkornet]

Hmm, no luck...

First I added only spotify.com
Then wg.spotify.com since this is what I saw in the log.

Then on http://wg.spotify.com, I see it gives a list of further servers, so I added all these too. Still no luck....

So it seems like something is being blocked still... If I put the DNS settings into my phone directly, then it works fine!


Sent from my  iPhone using Tapatalk