From owner-freebsd-chat@FreeBSD.ORG Wed Sep 10 11:11:37 2008 Return-Path: Delivered-To: freebsd-chat@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BC8D106566B for ; Wed, 10 Sep 2008 11:11:37 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (unknown [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id D93CE8FC1E for ; Wed, 10 Sep 2008 11:11:36 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.3/8.14.3) with ESMTP id m8ABAr0l082447; Wed, 10 Sep 2008 13:10:53 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.3/8.14.3/Submit) id m8ABAqwe082446; Wed, 10 Sep 2008 13:10:52 +0200 (CEST) (envelope-from olli) Date: Wed, 10 Sep 2008 13:10:52 +0200 (CEST) Message-Id: <200809101110.m8ABAqwe082446@lurza.secnetix.de> From: Oliver Fromme To: freebsd-chat@FreeBSD.ORG, david@catwhisker.org In-Reply-To: <20080908010956.GT11991@bunrab.catwhisker.org> X-Newsgroups: list.freebsd-chat User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/6.4-PRERELEASE-20080904 (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Wed, 10 Sep 2008 13:10:54 +0200 (CEST) Cc: Subject: Re: Google Chrome X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-chat@FreeBSD.ORG, david@catwhisker.org List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Sep 2008 11:11:37 -0000 David Wolfskill wrote: > g1-30(6.3-S)[4] host doubleclick.com > doubleclick.com has address 127.0.0.1 > g1-30(6.3-S)[5] host \*.doubleclick.com > *.doubleclick.com has address 127.0.0.1 > g1-30(6.3-S)[6] > > (My internal resolvers have a file that lists domains where: > * they are configured to be masters for the domains in question and > * everything resolves to 127.0.0.1. > It does clutter the Apache error log a bit, but otherwise tends to speed > page loading, as long as one doesn't object too strongly to 404 messages > in place of ads.) If you run a Squid proxy, there's another way to achieve similar results (without 404 messages). Put these lines in your sqid conf: acl banned_doms url_regex -i "/usr/local/etc/squid/banned_doms.txt" acl banned_urls dstdomain "/usr/local/etc/squid/banned_urls.txt" http_access deny banned_doms http_access deny banned_urls deny_info ERR_BANNED banned_doms deny_info ERR_BANNED banned_doms The file banned_doms.txt contains one domains per line, for example: .doubleclick.net .doubleclick.com .googlesyndication.com .hitbox.com .adserver.org .usertracker.info The dot prefix means to include the domain _and_ all names under that domain, e.g. ".foo.com" includes foo.com itself as well as www.foo.com, www.bar.foo.com and so on. This "dstdomain" matching is very efficient; in the squid ML someone reported having 600,000 entries in his file of banned domains. The file banned_urls.txt contains extended regular expressions (one per line) that are matched against the full URL of the request, for example: ^http://wodas\.wetteroffline\.de/static/sky_(google|woshop) ^http://oas\.hiese\.de/RealMedia/ads/ Finally, the file errors/$LANG/ERR_BANNED contains something like this: Blocked

(Ad blocked)