- changed status to new
Adblock: can't blacklist subdomains of google.com or microsoft.com with default settings
Issue #317
new
The adblock-v2 script whitelists domains from various sources, including the mwan_ckdst NVRAM parameter, which on my router was set to google.com,microsoft.com (left over from an earlier FreshTomato version, it seems, as the current default is google.com,1.1.1.1). This caused all subdomains of google.com and microsoft.com to be silently removed from the blacklist, including adservice.google.com, telemetry.microsoft.com, etc.
I think that the script either shouldn’t bother trying to whitelist domains in mwan_ckdst at all (no standard host list will block them, and if a user blocks them manually it's kind of their own fault), or should whitelist only the exact domains. If it’s doable, it would also be good to not whitelist domains needed by another feature if the feature is disabled (as this one was on my router).
Comments (3)
-
repo owner
-
Fair point. I think we can go through the internally defined domains and one by one decide if they should be normal or strict whitelisted. This example brought up looks like a good candidate for strict whitelisting which means only the seen domain is whitelisted, any subdomain is treated normally and could be blacklisted via public list or manually.
-
agreed. we should strictly whitelist where possible, and only “normally” whitelist when strictly whitelisting isn’t possible.
that can be quite a challenge, for instance with the DDNS entries - currently there are 24 predefined + custom. there is probably not one size fits all solution.
- Log in to comment
