-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add AdGuard's $network support on Firefox #2792
Comments
Related #1070 (comment)
Will blocking on response suffice? |
If can then display strict-blocking page. |
Goodness knows how this would be implemented in practice, but |
Related commit (forgot to link issue in commit message): gorhill/uBlock@c6dedd2 |
Ok i tested on |
It's possible to |
Real use case? I did look at whether document should be blocked but it turned out to be a bit more work then I expected so I left this out. |
I was thinking about those domains from badware that have a lot of similar domains in the same ip Though we would need to be very careful to not block legitimate sites. |
I did some testing for 40min tonight in Firefox 130.0 with uBO 1.51.1b17. I don't intend to put immediate pressure on any involved parties, I'm simply listing them.
• "I did look at whether [$doc] should be blocked but it turned out to be a bit more work then I expected so I left this out." |
Somehow I thought Firefox's Fixed in 1.59.1b18 |
This commit makes the DNS resolution code better suited for both filtering on cname and ip address. The change allows early availability of ip address so that `ipaddress=` option can be matched at onBeforeRequest time. As a result, it is now possible to block root document using `ipaddress=` option -- so long as an ip address can be extracted before first onBeforeRequest() call. Related issue: uBlockOrigin/uBlock-issues#2792 Caveat ------ the ip address used is the first one among the list of ip addresses returned by dns.resolve() method. There is no way for uBO to know which exact ip address will be used by the browser when sending the request, so this is at most a best guess. The exact IP address used by the browser is available at onHeadersReceived time, and uBO will also filter according to this value, but by then the network request has already been sent to the remote server. Possibly a future improvement would make available the whole list of ip addresses to the filtering engine, but even then it's impossible to know with certainty which ip address will ultimately be used by the browser -- it is entirely possible that the ip address used by the browser might not be in the list received through dns.resolve().
It's normal, the first time the IP address is not available in uBO's DNS cache, so the first call to onBeforeRequest() will log a non-matched entry. Once the the DNS resolution occurs, there will be another call to onBeforeRequest but with the IP address available, which will then match your filter. It works like this:
It's also how matching against cname has been working, there is always two entries in the logger when there is a cname. The logger really reports request matching calls, and there can be more than one. I suppose it would be useful to show at which stage the matching is made so that we know whether there was an actual request reaching the remote server, but there is not much horizontal space for more details in the logger. |
Having 2 filters with several hundreds of excluded domains (simplified example): *$doc,domain=~domain1.com|~domain2.org|~domain3.net
and trying to reduce lenght and complexity of the filters by replacing several hundreds of excluded domains by a small bunch of excluded Neither negating nor pipeing works (not sure whether it's unsupported or a bug): *$doc,ipaddress=~95.216.7.22
*$doc,ipaddress=95.216.7.22|9.9.9.9
*$doc,ipaddress=95.216.7.22|~9.9.9.9
*$doc,ipaddress=~95.216.7.22|~9.9.9.9 Pipeing does work in regex (but sometimes might be a bit cumbersome) but negating works only partially, can't find 100% working regex solution: *$doc,ipaddress=/^(?!95\.216\.7\.22|9\.9\.9\.9).*$/
*$doc,ipaddress=/^((?!95\.216\.7\.22|9\.9\.9\.9).)*$/
(Firefox) |
|
Good to know, as this information wasn't mentioned anywhere, by the way, would be good to know also:
(I also assume that possibly the former might depend on the latter) |
Negation and multi-address won't be implemented, there is no actual real world use cases for this.
What task? |
Not that I'm saying it must be implemented, but just simply replying: they were real use cases, which I have in "My filters", just that more for personal usage than to land in public filter lists, that's why I redacted and simplified them for the sake of example. The left part was a long regex (highlighted by yellow by uBO linter) with many unwanted phrases that might exist in a domain name, and the right part was a list of several hundred of excluded domains to not trigger the long regex on most common sites + other sites I visit. The purpose of the filters is to not visit some subcategories of categories of sites. But unless there is more of real usage cases (especially ones that could land in public lists) then yes, we can live without it. |
Prerequisites
I tried to reproduce the issue when...
Description
Documentation: https://adguard.com/kb/general/ad-filtering/create-own-filters/#network-modifier
Related issue: AdguardTeam/tsurlfilter#104
A specific URL where the issue occurs.
https://github.com/AdguardTeam/AdguardFilters/pull/160415/files
Steps to Reproduce
Check the links above
Expected behavior
NA
Actual behavior
NA
uBO version
1.51.0
Browser name and version
Firefox 116.0.3
Operating System and version
Windows 10
The text was updated successfully, but these errors were encountered: