How to block Google Adsense?

NethServer Version: 6.9
Module: web filter


I have a little but irritating problem with the web filter module.
I’m using the web filter module essentially to filter publicities, propagandas for a better comfort.
But since a time ( I can’t defend when or what’s occur) some banners gone through the filter.

I would like to correct this…
As you can see in this pict, there’s a banner that com from that normally is shoutouts be blocked.
I had already try to change the blacklist, without success.

Can you help me to understand and correct this little problem?

Please have a look at your access.log for the urls which are opened additional to the site you want to open.
Try to block them with global blacklist.

Thanks for the answer,

And you give me the right direction, the right tips:

  • When I tried to put “” in the global blacklist with Safari on the Mac… MacOs transform the “googleads” in “google ads” with a space :confused:
  • when I insert the same syntax in the blacklist with Safari on the ipad…it’s work.

Thank you again…:blush:

1 Like

Hi again :slight_smile:

I’m still having issue with Google Adsense…

Actually, I’m using the Shalla blacklist and this custom blacklist:

These ads are displaying without apparent links, so I don’t know what to block…
Did you have any suggestion, please?

Edit: looking with the web inspector, I find more domains to block…
But I’m afraid that I will be able to use a javascript blocker to avoid self-hosting ads :grin:

Nothing at messages.log? Can you give me some more information please:

  • The full google domain with your search entry
  • Which domains you found with web inspector

I add theses two ones:

Sorry for the mistake, it has to bee access.log (/var/log/squid/access.log/)

My access.log shows both adresses.

Oh yes, one more time, really good suggestion Michael…

Thank you very much…

What do you think of this:

1495626099.519 26 TCP_MISS/403 2093 GET - HIER_DIRECT/ text/html
1495626099.608 169 TCP_MISS/200 640 GET - HIER_DIRECT/ text/javascript
1495626100.166 170 TCP_MISS/200 640 GET - HIER_DIRECT/ text/javascript

There’s already a strange thing…
look this pic:

The purple banner, the VIVO ads is a stuff ( as you can see at the bottom of the pic.
This domain is in the blacklist

I have this with the Mac and with the ipad, so I think it isn’t a malware

Edit: @dev_team are joker allowed? i.e *…

I think the problem can be in another level:
in the squid log, we can see all that is requested by the client…
But what about stuff, or ads, push by the visited server?
is the black list is treated by shorewall from the wan to lan?

All websites with this problem have a script “adsbygoogle.js”


I made a firewall object, a host with the “” ip address ( today is the “” the problem…)

Take a look at this pic:

At the to the “G1 portal, the Globo site news”, with the banner adclick
at the bottom right the ping
at the bottom, the firewall rule…

I made a firewall rule to drop all from adclick to “any”

And I still have the adclick banner,
the ping continue to have reply…

Edit: and yes, it’s really difficult to make a proof of concept cause of is not only a unique address, but a “grap” of address.

I still thinking the adsgooglescricpt is here to dribble the proxy…
@filippo_carletti, the shorewall master, what do you think?


Sorry to continue this monologue but I would like to resolve this issue ( for me this is an issue)

There’s thing I would like to investigate, and I need some information:
Apparently, the blacklist is for squidguard only, this blacklist isn’t treated at the shorewall level.
It seem that a script can inject a banner throughout the proxy!

@dev_team, can you confirm this point?

My next question is: How can I have the exact squid configuration?

I would like to test Nethserver with Privoxy, to chain Squid/squidgard and Privoxy…
I want a good privacy and anti tracking feature on my network level…

Edit: What do you think to use fail2ban and the blacklist to do the job?

fail2ban is useless for this usage

looking on the doc

there exactly this: Uses Netfilter/Iptables by default but can also use TCP Wrapper (/etc/hosts.deny) and many other firewalls/actions.

In this case o TCP wrapper can be the squid black list, isn’t it?
Or I’m totally wrong?

fail2ban read logs, doing regex on it and blocking an IP for a determined time, to a full access or only on certain ports. It is not a DPI, nor a squidguard like software.

I can be wrong but it is not the purpose of fail2ban

No, no… you must be right, you have more experience with fail2ban than me.

Certainly the proxy chain Squid+privoxy is a better way to go…

I’m a little surprise with too few answers about this subjet…
To save bandwith and better filtering are good things for a Firewall distribution…

Look at yourself by google

how to block google adsense

You will find your question here…by the way actually the simplest way is an adblock like on each computer.

Yes, I’d install an adblocker in all my client…

But ( yes, with me there’s alway a “but”… I alway want more, improve things :wink:) I want to do this adblocking at my entry network level…

I really think it could be a good, a great feature for Netserver to do fine adblocking task.
And, to justify more yet, Untangle, Pfsense, ClearOS, dd-wrt are doing the adblock task… So, that Nethserver isn’t doing this very well is not a good thing.
It will be better with this feature… and embedded feature will be better yet :slight_smile:

Is someone want to help me to improve Nethserver this way?

Sorry for late response, I had to much work last weeks.

Is doucclick or doubleclick in your blacklist?

I think if you have in domain blacklist not url it blocks every adress.

In my blacklist I have lot of domain in

I will suggest one more idea than can be a good improvement for Nethserver…
For those who want to block something, without using the proxy cache and/or the proxy filter, or in complementation:

To import the blacklist no only for the squidguard, but for the host list too ( any list , university Toulouse…)
This way with or without squid guard… Netserver will have the possibility to filter.
One more function for NethServer!!!

What do you think about this?

Do you think this could help?