Unblock googleaddservices, google ads

Hallo everyone!

Is it possible to unblock fully googleaddserivces?
If you type in google "buy pc" the first few results are google adds.

I go to the shopping tab, it blocks almost every page I click.
i already whitelisted www.googleadservices.com but it didn’t really help.

I want to unblock this because my familly often use these links

1 Like

Had the same issue.
After a week I was used to it, but my wife wanted to have this "enabled".
Not @ home right now, but I will send you the whitelisted domains I opened for this.
Please be advised that opening these will cause ads on more sites as many pages use the google ads on their pages.

It's certainly possible by whitelisting Google's ad servers using pihole -w. And like @Jeroen1, mentioned Google ads will show up on any other site as well due to the way DNS black holing works. There may be other Google domains that you need to whitelist as well as Google is omnipotent.

thnx that would be really great.
Yeah i have some adds but ill block them with the addblock plugin on most of the devices in my network.
Only the mobile devices will experiance some adds.

*.dartsearch.net
*.googleadservices.com
ad.doubleclick.net
www.googletagmanager.com
www.googletagservices.com

Check the log for what domains to block with the wildcard *

1 Like

So yeah, wildcards don't work out of the box. However, I did start work on an implementation a while back. (Don't use that code, it's very alpha, and a mess!)

I've kind of got my head around the logic of it all, just need to make sure it's solid first.

1 Like

Appologies to tokodude about the *
I should have mentioned he could not just copy paste those 2 with the wildcard.
start with:

dartsearch.net
googleadservices.com
www..dartsearch.net
www.googleadservices.com

and see if this is enough.

2 Likes

clickserve.dartsearch.net

is (also) needed to allow clicking on the google adv. links

1 Like

Dear All
Newbie here,,
How can ik exclude google adds from pi hole.
Sometimes i like the adds

Or is there a new setting possible for this...

I haven't verified this, but did you try whitelisting the domains above?

pihole -w dartsearch.net googleadservices.com www.dartsearch.net www.googleadservices.com clickserve.dartsearch.net

Yes,

Search results in google en google shopping are "clickable"
Please notice the www..dartsearch.net should be www.dartsearch.net
I can send you my complete whitelist as it needed more domains to whitelist before the google results were "clickable"
As already indicated: slightly more ads in other pages now as google is a big spammer.
Blocking most of those with privoxy

As this was not my initial thread, but was just answerering tokodude, it's probaly best to ask him if his issue is resolved.

OK, this thread has multiple people in it. @tokodude and @Dombo71 do the solutions above work for you?

I was thinking about this problem (how to allow clicks while blocking ads from same servers) after I set up pi-hole yesterday.

A solution I thought of was to spoof www.googleadservices.com with a server that just replies with a 404 for everything except the adclick urls (eg: /pagead/aclk?.......&adurl=http://www.destinationurl.com/), which the server would respond to with a simple 302 redirect to correct URL (shouldn't be hard, after all the destination URL is right there).

First problem is that it's https, which makes spoofing difficult, but not impossible if you have control of client device (the browser) and can add trusted certificates to it. So first I tried making a self-signed certificate for www.googleadservices.com:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
cat key.pem certificate.pem > key-and-cert.pem
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

And used it to set up a https server under lighttpd (running on same server as pi-hole):

$SERVER["socket"] == ":443" {
    ssl.engine = "enable" 
    ssl.pemfile = "/etc/lighttpd/certs/key-and-cert.pem"
    server.document-root = "/srv/http/empty"
 }

I visited https://www.googleadservices.com/ and got a "cannot verify trust blah blah blah" error, I expected that, but I found that I kept getting them even after adding the certificate (the .p12 file) to firefox. It seems like self-signed certs are just not allowed for HSTS sites whether you add the cert or not. So I followed this guide to make a Certificate Authority, an Intermediate Certificate Authority, and a new CA signed cert, which I then configured lighttpd to use:

$SERVER["socket"] == ":443" {
    ssl.engine = "enable" 
    ssl.ca-file = "/etc/lighttpd/certs/ca-chain.cert.pem" 
    ssl.pemfile = "/etc/lighttpd/certs/key-and-cert.pem"
    server.document-root = "/srv/http/empty"
    $HTTP["host"] == "www.googleadservices.com" {
        ssl.pemfile = "/etc/lighttpd/certs/key-and-cert.pem"
        ssl.ca-file = "/etc/lighttpd/certs/ca-chain.cert.pem" 
        url.redirect = ("^/pagead/.*adurl=(.*)$" => "$1")
     }
 }

After adding ca-chain.cert.pem to firefox this worked, and with the url.redirect expression I added above it successfully performed redirection of google search results for me. But there's a problem, that server will now answer all https traffic directed to it (eg: all the https ad servers pi-hole has blocked) and it will get cert errors on all of them except www.googleadservices.com. One possible way around this is to put this spoofing server on a different machine to where pi-hole is running, then unblock the google ad sites but use hosts file (on pi-hole) to redirect them to the new server. You could probably even use IP aliasing to run https on same server as pi-hole, infact you might need to do this anyway to support the multiple domains google uses.

This solution is getting quite complicated at this point, and I'm not sure I can be bothered continuing just so I can click google ad's in their search results, so I'm posting this info incase someone really wants it bad enough to finish what I've started.

These googleadservices links are with mouse over shown as a clean link to the vendor, but with a left mouse click are changed to a googleadservice link which Pi-hole blocks.
A way around this issue for Firefox users is to install the addon 'Google search link fix'.
This addon keeps the ad link in a clean form (no changing to googleadservice with left mouse click).

I also got used to the google shopping suggestion links being blocked, the same way suggested "ad" web links are. Unfortunately due to the nature of pi-hole domain blocker, I can't think of a solution with (unless you check out mister.gnod's suggestion which is a cool hack, but by having access to firefox to add a .pem cert, you might as well use adblock and white list www.googleadservices.com in pihole)

When I was asked how come the google suggested shopping didn't work, I simply informed them their are better places to find deals. Users that are aware they can search (with practice) places like ebay, amazon or bestbuy they won't miss google suggestions a bit!

Hi all,

As I was making a diffrent approuch to this (no single change on a client: too much hassle)
Currently I am using privoxy to block a lot more combined with pihole.
(dhcp sends a pac file to most clients with proxy server settings and with this sending traffic to privoxy without too much hassle on the client. Using gpo in an AD environment makes this even fully automated if wanted)
Privoxy runs on my pihole device already

With privoxy it should be possible to catch the left click on the add and rewrite the url by removing the googleadserver link and rewriting the destination url to match the "clean" link.
So far I have not been successfull unfortunalty as some of these left click links are so darn complex.
Furthermore it is not only googleadserver.com, but also doubleclick, dartsearch and a few more url that are lauched when a link is clicked.

So : is there a programmer that has knowledge of regex expressions or deep knowledge of privoxy rules that is able to create the url rewrite rules? There is some basic documentation about url rewrite in privoxy, and also some build in filters by default.
With smart new privoxy url rerwrite rules there is no need to setup any certs or add-ons to clients.

Anyone availble for help?

Does privoxy require you add a certificate authority like my approach above did? Not sure how it's intercepting https traffic otherwise.

My post above has some regex that might be what you want (it's in the last lighttpd config snippet - the url.redirect part).

The regex is in the format lighttpd accepts which may not suit privoxy (never used it so I don't know), and I later rewrote it to ensure it would only use the adurl parameter (instead of just using everything after adurl=):

    url.redirect = (
        "^/pagead/.*adurl=([^&]+).* => "$1"
    )

I should point out that the destination site in adurl might be URL encoded, it definitely happens if destination URL has parameters (stuff after a question mark). So if destination URL is:

http://www.stuff.com/itemlookup?id=blah&redeemcode=xxx

You will end up with something like this:

adurl=http://www.stuff.com/itemlookup%3Fid%3Dblah%26redeemcode%3Dxxx

Sometimes lighttpd would automatically URL decode it, sometimes not. Not sure what lighttpd does.

Good luck with this, I'm a software engineer with 10 years experience and the more complicated regular expressions can do my head in too.

Going to give this a try as I do use this so willing to accept other ads. Ironically found using Google search......

Looks like there is a version for at least Chrome and Opera.

It would be nice to have some sort of mobile app or quick browser plugin for turning the pi hole on and off. I havent logged into the admin yet (forgot pw and need a usb keybd) so that functionality might be in there...

Appologies for the late reply and thanks for the effort.

What I am lookuing for is probably not possible
URL with add/spyare on google search page (result1 on top)=
https://www.google.nl/aclk?sa=l&ai=DChcSEwit7_qz0JHZAhWOybIKHRgkAOIYABAAGgJscg&sig=AOD64_2AroJouLEPf0_cbCSNY1AIni0yAA&q=&ved=0ahUKEwjY1fSz0JHZAhXKWCwKHU3qDSsQ0QwIJg&adurl=

And that takes me to https://www.miele.nl/
wow...
it looks as there is no descent indication in the adurl to figure out the end result for a rewrite.