How to block Google Adsense?

Thanks for the answer,

And you give me the right direction, the right tips:

  • When I tried to put “” in the global blacklist with Safari on the Mac… MacOs transform the “googleads” in “google ads” with a space :confused:
  • when I insert the same syntax in the blacklist with Safari on the ipad…it’s work.

Thank you again…:blush:

1 Like

Hi again :slight_smile:

I’m still having issue with Google Adsense…

Actually, I’m using the Shalla blacklist and this custom blacklist:

These ads are displaying without apparent links, so I don’t know what to block…
Did you have any suggestion, please?

Edit: looking with the web inspector, I find more domains to block…
But I’m afraid that I will be able to use a javascript blocker to avoid self-hosting ads :grin:

Nothing at messages.log? Can you give me some more information please:

  • The full google domain with your search entry
  • Which domains you found with web inspector

I add theses two ones:

Sorry for the mistake, it has to bee access.log (/var/log/squid/access.log/)

My access.log shows both adresses.

Oh yes, one more time, really good suggestion Michael…

Thank you very much…

What do you think of this:

1495626099.519 26 TCP_MISS/403 2093 GET - HIER_DIRECT/ text/html
1495626099.608 169 TCP_MISS/200 640 GET - HIER_DIRECT/ text/javascript
1495626100.166 170 TCP_MISS/200 640 GET - HIER_DIRECT/ text/javascript

There’s already a strange thing…
look this pic:

The purple banner, the VIVO ads is a stuff ( as you can see at the bottom of the pic.
This domain is in the blacklist

I have this with the Mac and with the ipad, so I think it isn’t a malware

Edit: @dev_team are joker allowed? i.e *…

I think the problem can be in another level:
in the squid log, we can see all that is requested by the client…
But what about stuff, or ads, push by the visited server?
is the black list is treated by shorewall from the wan to lan?

All websites with this problem have a script “adsbygoogle.js”


I made a firewall object, a host with the “” ip address ( today is the “” the problem…)

Take a look at this pic:

At the to the “G1 portal, the Globo site news”, with the banner adclick
at the bottom right the ping
at the bottom, the firewall rule…

I made a firewall rule to drop all from adclick to “any”

And I still have the adclick banner,
the ping continue to have reply…

Edit: and yes, it’s really difficult to make a proof of concept cause of is not only a unique address, but a “grap” of address.

I still thinking the adsgooglescricpt is here to dribble the proxy…
@filippo_carletti, the shorewall master, what do you think?


Sorry to continue this monologue but I would like to resolve this issue ( for me this is an issue)

There’s thing I would like to investigate, and I need some information:
Apparently, the blacklist is for squidguard only, this blacklist isn’t treated at the shorewall level.
It seem that a script can inject a banner throughout the proxy!

@dev_team, can you confirm this point?

My next question is: How can I have the exact squid configuration?

I would like to test Nethserver with Privoxy, to chain Squid/squidgard and Privoxy…
I want a good privacy and anti tracking feature on my network level…

Edit: What do you think to use fail2ban and the blacklist to do the job?

fail2ban is useless for this usage

looking on the doc

there exactly this: Uses Netfilter/Iptables by default but can also use TCP Wrapper (/etc/hosts.deny) and many other firewalls/actions.

In this case o TCP wrapper can be the squid black list, isn’t it?
Or I’m totally wrong?

fail2ban read logs, doing regex on it and blocking an IP for a determined time, to a full access or only on certain ports. It is not a DPI, nor a squidguard like software.

I can be wrong but it is not the purpose of fail2ban

No, no… you must be right, you have more experience with fail2ban than me.

Certainly the proxy chain Squid+privoxy is a better way to go…

I’m a little surprise with too few answers about this subjet…
To save bandwith and better filtering are good things for a Firewall distribution…

Look at yourself by google

how to block google adsense

You will find your question here…by the way actually the simplest way is an adblock like on each computer.

Yes, I’d install an adblocker in all my client…

But ( yes, with me there’s alway a “but”… I alway want more, improve things :wink:) I want to do this adblocking at my entry network level…

I really think it could be a good, a great feature for Netserver to do fine adblocking task.
And, to justify more yet, Untangle, Pfsense, ClearOS, dd-wrt are doing the adblock task… So, that Nethserver isn’t doing this very well is not a good thing.
It will be better with this feature… and embedded feature will be better yet :slight_smile:

Is someone want to help me to improve Nethserver this way?

Sorry for late response, I had to much work last weeks.

Is doucclick or doubleclick in your blacklist?

I think if you have in domain blacklist not url it blocks every adress.

In my blacklist I have lot of domain in

I will suggest one more idea than can be a good improvement for Nethserver…
For those who want to block something, without using the proxy cache and/or the proxy filter, or in complementation:

To import the blacklist no only for the squidguard, but for the host list too ( any list , university Toulouse…)
This way with or without squid guard… Netserver will have the possibility to filter.
One more function for NethServer!!!

What do you think about this?

Do you think this could help?

Yes… Sure.

Any filtering technic is good:
To filter by DNS at the DNS level.
To filter by hostname… with the host file ( or host.deny file in some Linux Distribution )
To filter with squid guard.

Any technic is good, and have the possibility to make combination of these technics are even better.
My objective is ad filter, but you can enlarge this point of view in term of security…

Yes, I think to push a blacklist , to have the possibility to personalise this blacklist and use it at three different levels ( host, shorewall and squid ) is a very good thing.

Please try to block not …, I think so you can block every doubleclick domain.

the I can’t find in your Blacklist, there’s only a dou(cle)