New to pfSense. Googleads results are blocked. Advice on fixing or accepting?
-
I understand that the top results are ads and can ignore or accept them being informed.
This is a home network. What are people doing with this situation? Manually side stepping it each time? Somehow whitelisting it? If the latter, how?
-
@tbeaulieu Out of the box pfSense doesn't block anything outbound from LAN, much less redirect it somewhere. Did you set up pfBlocker or something else to block or redirect that domain?
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote ๐ helpful posts! -
@SteveITS said in New to pfSense. Googleads results are blocked. Advice on fixing or accepting?:
Did you set up pfBlocker or something else ...
You and I know that will be a solid "yes, I did" **.
This :
even tells me that a web server actually did reply, but according the certificate that it send over this answering web site created the "the authority is invalid" message - this wasn't googleadservices.com but some one else.
Oh boy
No worries, I'm pretty sure I know who it was. And @tbeaulieu made it happen.
A fact is : pfSense "out of the box" didn't do this.Advice on fixing or accepting?
Easy : No one can fix or repair what TLS (more precise : https) is supposed to do.
There is no bypass, no solution, as TLS isn't broken. If it was, Internet as a whole would break a minutes ... world economy would coming to a stop .... and strange browser messages would be the very last of our problems.The browser just throws out a message, as it supposed to do.
In the past you could click on "Advanced" and then accept to visit the page anyway.
Not sure if this is still possible, as things can go very wrong afterwards and who is then responsible ? The browser of course, never the user who clicked.
If possible, @tbeaulieu go ahead, and tell us what you saw.**) or he is using a pi-hole, or some one else, upstream (in front of the pfSense WAN), is already filtering the DNS. These cases are more rare, but when this is the situation, the pfSense admin already knows this.
@tbeaulieu said in New to pfSense. Googleads results are blocked. Advice on fixing or accepting?:
What are people doing with this situation?
Fast answer : whitelist the site that triggers this browser message.
-
Sorry, I should have been more specific. Yes I have the pfBlocker extension. This morning I noticed that SOME of these ads actually work.
I thought for sure that pfBlocker (the lists) was blocking googleads, because googleads' certificate was bad. I was quite surprised by that.
Do you think the real issue isn't google, but a site that is associated with that ad, which is simply a pass through?
Basically, I was worried that I'd be seeing an enormous number of "back to safety" screens for what I'd assume aren't in my scope of concern.
Thanks!
-
@tbeaulieu By default pfBlocker shows a "block page" telling the user it was blocked but of course pfSense doesn't have a matching certificate so your browser will show an error. You can have it null block instead, see screen cap here:
https://forum.netgate.com/topic/195892/pfblockerng-question-s/12
-
@tbeaulieu said in New to pfSense. Googleads results are blocked. Advice on fixing or accepting?:
because googleads' certificate was bad
Call Google and tell them ?
You'll do them a huge favor Google's add renevu is several millions a day), they will give raise your addwords account to the sky.
Seriously ?Their certificate is fine.
What happened this :
You installed pfBlockerng because you were totally fed up to see these adds everywhere.
pfBlockerng by itself is empty, does nothing.
You you added a DNSBL 'add block' feed.
Just for the fun : open it up in a text editor :I'll show you :
Here are my DNSBL :
I'll edit second one :
)and there you have the actual file :
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
and in this file, your find :
and now you've found out what pfBlockerng actually does :
If a DNS request for "googleadservices.com" comes in, it will be replaced for 0.0.0.0.Even better, it isn't even pfBLockerng that does the heavy lifting. It the resolver (unbound).So, if you, with the browser addresses bar, or as an URL on some web page that want to show you an add, a DNS call is needed, and 0.0.0.0 will come back. The browser will not try to contact 0.0.0.0 as that is the 'address does not exist' indicator.
I've explained the Null (or 0.0.0.0) blocking :
The (totally useless) Webserver/VIP blocking : the IP won't be 0.0.0.1 but 10.10.10.1.
And guess who will serve pages at that address ? The pfBlockerng web server that will tell you you wanted to visit a page that was blocked by the pfSense.
Sure enough, this web server can not have the web server certificate that Google uses for its addserver services page (
) so it will use its own certificate.
Your browser detects that 10.10.10.1 is not Google as it will use the certificate and checks if the site it wanted to connect to is really goolgeadservcie.com.
And guess what ?? It wasn't.
The browser barks.
The add was blocked.You said :
googleads' certificate was bad
I say :
Your browser was at that moment connected to 10.10.10.1 (pfBlockerng web server) and of course that server doesn't have the certificate that said it "googleadservice.com".
Because that's impossible.But now, let me thank you first, as you really made my day - its always good to laugh ones in a while.
You said :New to pfSense. Googleads results are blocked. Advice on fixing or accepting?
And then you said
Yes I have the pfBlockerng
and I presume you installed some DNSBL feeds, like the one I've shown above.
Here it comes : pfBlockerng is also known as an "add blocker".
googleadservcies.com is probably the biggest add server in the world, and present on all those DNSBL lists.Or : what was your reason why you installed pfBlockerng ?
As said above : you can white list host names like "googleadservcies.com".
Go here :
and click on the green "+" and you'll be guided.
From now on, "googleadservcies.com" won't be blocked anymore.
And yes, don't worry, it took most of us a lot of time to learn how to work with pfBlockerng. We all went through it. There are no short cuts, not that I know of.
