Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to Block ads in https

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    5 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • r0utevv3R
      r0utevv3
      last edited by

      I am using squidguard to block ads, and is working on http sites, but in https sites like youtube, I still able to see the ads, have you got any ideas of what I have to cofigure to deny ads also in https. thanks in advance

      It's not a bug, it's an undocumented feature

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        You need to man in the middle your HTTPS and make your network less secure. Totally worth it. But really, you can get probably the 80/20 rule by using  pfBlockerNG v2.0 w/DNSBL https://forum.pfsense.org/index.php?topic=102470.0

        If I sound a bit sarcastic, it's because the whole point of HTTPS is so that NO ONE can see or modify your traffic. What you're trying to do is at least see and possibly block or modify traffic.

        1 Reply Last reply Reply Quote 0
        • r0utevv3R
          r0utevv3
          last edited by

          Is this always of this way?. I remember that in my university youtube ads are blocked but I am still able to se the green https word, and I didn't install any certificate authority

          It's not a bug, it's an undocumented feature

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66
            last edited by

            There are a few possibilities that can explain what you saw

            1. Youtube was not HTTPS yet
            2. Youtube ads were not over HTTPS yet
            3. University was doing something similar to pfBlockerNG v2.0

            Summary: In order to block ads by inspecting the traffic, you have to man in the middle HTTPS. This may be the lesser of evils in some cases, but it is something very important to think about.  pfBlockerNG v2.0 can do this without inspecting traffic by messing with DNS or blocking IP addresses.

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              @Harvy66:

              There are a few possibilities that can explain what you saw

              1. University was doing something similar to pfBlockerNG v2.0

              In order to block ads by inspecting the traffic, you have to man in the middle HTTPS. This may be the lesser of evils in some cases, but it is something very important to think about.

              Just as a note, pfBlockerNG, is not really MITM for HTTPS. It would be more DNS sinkholing then anything. MITM is evil, and should never be done for content filtering… :)

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.