Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

AB-Solution - The Ad Blocking Solution (v3.9.1)

Discussion in 'Asuswrt-Merlin' started by thelonelycoder, Feb 15, 2017.

  1. Laonifaron

    Laonifaron Occasional Visitor

    Joined:
    Oct 4, 2016
    Messages:
    36
    --2017-08-06 21:33:52-- (try:20) http://192.168.1.3/servstats.txt
    Connecting to 192.168.1.3:80... failed: Connection timed out.
    Giving up.

    So that's where the issue lies. Thanks a lot for your help btw. I really appreciate it!
     
  2. mannp

    mannp Occasional Visitor

    Joined:
    Aug 24, 2013
    Messages:
    35
    Thanks.

    It didn't change anything unfortunately, the same resolve to NXDOMAIN.
     
  3. Artanis

    Artanis New Around Here

    Joined:
    Aug 7, 2017
    Messages:
    3
    hi
    i have same problem with you
    ps doesnt work
    failed to connect serverstats
    how you fix this thanks
     
  4. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    This could be some firewal rule blocking access to it.
     
  5. Laonifaron

    Laonifaron Occasional Visitor

    Joined:
    Oct 4, 2016
    Messages:
    36
    A firewall rule? How can this be fixed? I have no firewall running anywhere.

    edit:

    When I put this into chrome:
    http://192.168.1.3:80/servstats.txt

    It shows me the stats, even though the wget in terminal fails? So it's like the router can't access itself but my pc can???
     
  6. Artanis

    Artanis New Around Here

    Joined:
    Aug 7, 2017
    Messages:
    3
    before latest update i can use ps normally
    i dont change any config on my KIS
    do you know how to fix this?
    i use KIS
    thanks
     
  7. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    KIS?
    What exact firmware are you all running that prevents wget to a local IP?
     
  8. Laonifaron

    Laonifaron Occasional Visitor

    Joined:
    Oct 4, 2016
    Messages:
    36
    Latest merlin stable
     
  9. nokaah

    nokaah New Around Here

    Joined:
    Jan 11, 2016
    Messages:
    2
    Your router by default have a firewall (iptables) enabled.
    Have you enabled access restrictions under www.asusrouter.com/Advanced_System_Content.asp (Option: Allow only specified IP address)? If so, try adding your pixelserv ipaddress here.
    Or, in terminal (won't survive a reboot or reload of firewall):
    Code:
    iptables -I  ACCESS_RESTRICTION -s 192.168.1.3/32 -p tcp -m multiport --dports 80 -j ACCEPT
     
  10. Artanis

    Artanis New Around Here

    Joined:
    Aug 7, 2017
    Messages:
    3
    oh thanks
    (Option: Allow only specified IP address)? If so, try adding your pixelserv ipaddress here.
    adding ps ip address fixed
    thanks you very much
     
  11. Laonifaron

    Laonifaron Occasional Visitor

    Joined:
    Oct 4, 2016
    Messages:
    36
    Well, damn. You were right. I did only allow specified IP adresses. I just disabled that and now it works...

    The thing is: I've always had that setting enabled. Merlin must have changed something in his last build that caused that change. Seemingly the setting wasn't actually applied before that. Either way, thanks a lot.
     
  12. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    I guess that means another check will arrive soon in that script.
     
  13. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    AB-Solution 3.9.1 is now available, use cu to update.
    ab-solution.sh, functions.add and pixelserv-tls.add

    Support added for access restrictions in 380.66 and later, set in:
    Administration > System / Allow only specified IP address.
    This allows AB-Solution to do the pixelserv-tls tests during installation and start-up.
    The LTS fork by @john9527 is not affected by these Asus changes.

    This change auto-adds the necessary access restriction rule when installing pixelserv-tls when Access restriction is enabled.
     
    Last edited: Aug 9, 2017
  14. Makaveli

    Makaveli Regular Contributor

    Joined:
    Nov 4, 2016
    Messages:
    176
    Location:
    Canada
    Just upgraded no issues.

    Thank you sir.
     
    thelonelycoder likes this.
  15. WillyTP

    WillyTP Occasional Visitor

    Joined:
    Oct 22, 2015
    Messages:
    11
    Hello everybody!
    I need some advice regarding ab-solution and pixelserv.

    I installed Ab-Solution on my RT-AC68U, with blocking hosts choice n.2 from the installer, and afterwards I installed pixelserv.
    "All ok", ad blocking works.

    However, in some websites (for example on google.it/shopping , I make a search, I click on a choosen product to reach the destination website / seller page)
    my browser returns the following error:
    Il gestore di www.googleadservices.com ha configurato il sito in modo non corretto. Per evitare potenziali furti di informazioni Firefox ha interrotto la connessione.
    "Questo sito utilizza il protocollo HSTS (HTTP Strict Transport Security) per garantire che la connessione con Firefox avvenga esclusivamente in modo sicuro. Per questo motivo non è possibile aggiungere un’eccezione per questo certificato." (message is in Italian, however I believe you understand the meaning)

    Instead, if I disable Pixelserv, landing page looks like this:
    "Impossibile contattare il server
    Firefox non riesce a contattare il server www.googleadservices.com."

    Could somebody tell me "why" the certificate error in the first case?
    Moreover, why with some "classic" ad-blocking software (like AdBlock Plus) I get just banner removed, while with Ab-Solution I'm not able to browse websites anymore?

    The only solution (in this specific case for example) is to remove www.googleadservices.com from the black list?

    Thanks for support!
     
  16. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    When you experience these errors there is only one way to get around it:
    You need to install/add the pixelserv-tls certificate into the browser you are using.
    Depending on what browser you are using the procedure differs but usually you click on the padlock icon in the URL bar and then select to add the certificate.
     
  17. MarCoMLXXV

    MarCoMLXXV Guest

    I've always had the same issue, especially when clicking on Google Shopping or Google (promoted) search results. However, I never found a way to solve it, so most of the time I just manually type the url of the site suggested and search there for whatever I'm looking for. I'm mostly using Chromium or Chrome on Linux and when I get the Google Adservices error, there´s no padlock in the address bar but a red exclamation mark. When I click it, I have no option to import a certificate. It shows info on why the page isn't secure and links to a help document of Google, along with some other site-related info (cookies and stuff).

    So I downloaded the pixelserv-tls ca certificate from the router and imported it through settings > advanced > security and privacy > manage certificates and imported it on the authorities tab. Now when I reload the page or restart Chromium, the error is gone, but a blank page is shown instead.

    So somehow, by importing the pixelserv-tls certificate, it fixes Chromium complaining about an unsafe certificate, but the redirect stops working, resulting in a blank page. Any ideas how to fix this (if possible)? Or am I doing it the wrong way?
     
  18. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    In Firefox, I have this old addon "Google search link fix" that removes the affiliate links from Google pages.
    This will likely be obsolete with one of the coming Firefox updates where only Web extensions addons are allowed.
    On iOS I simply scroll down a little further to the direct link, if I ever have to do that.
    Not much I or the dev's of pixelserv-tls can do about it.

    Since we all want secure and untraceable web usage, and we should, this is more and more enforced by the browsers to only trust trusted certificates.
    Stupidity by users led the browser developers to remove the simple ability to add self-signed certificates to the trusted chain.
    Even we power users are left out with this good trend.

    What needs to be possible is to have a valid certificate for non-web accessible resources such as the pixelserv-tls and a router WebUI over https.
    If ever, this will be solved in another life or is available right now in a parallel Universe nearby. Or some sleight of hand by kvic or @mstombs in this life.

    I have given up on trying to do it with my limited understanding and knowledge to get it to work in a way that is reasonably secure and doable.
    I'm calling on my parallel Universe thelonelycoder in his free flowing work lab to help us out and send a fix through the nearest wormhole.
     
  19. MarCoMLXXV

    MarCoMLXXV Guest

    As soon as the wormhole opens and your parallel brother in arms hands you a fix, let me know. I'm sure many others are looking forward to a solution as well. In the meantime I'll check out the Chrome extension catalog, as I recall seeing something called similar to what you mentioned and see if that makes a difference.
     
    visortgw and thelonelycoder like this.
  20. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,027
    Location:
    In the heart of Switzerland
    This redirect page could be blocked in the blacklist/blocking file/firewall rule.
    Pay close attention through what hops that link gets resolved.
     
    MarCoMLXXV likes this.

Share This Page