EasyList Tracker and Adblock Rules to Proxy Auto Configuration (PAC) File and Privoxy Actions and Filters
Converts EasyList tracker and ad blocking rules to efficient network-level blocks in a proxy.pac file for automatic proxy network configurations and Privoxy proxy servers.
Easily incorporates multiple blocking rulesets into both PAC and Privoxy formats, including easyprivacy.txt, easylist.txt, fanboy-annoyance.txt, fanboy-social.txt, antiadblockfilters.txt, malwaredomains_full.txt, and the anti-spamware list adblock-list.txt.
The PAC-based approach used in this repo to block content no longer works with several common browsers: iOS Safari (#21) and Google Chrome (policy PacHttpsUrlStrippingEnabled disabled). Therefore, it is recommended that this approach be replaced with Privoxy configured for HTTPS Inspection:
sudo port install privoxy
port notes privoxy
Or:
sudo port install macos-fortress-proxy
port notes privoxy
Provide tracker and ad blocking at the kernel and network layers using the crowd-sourced EasyList blocking rulesets used by client-based browser plugins. This proxy configuration provides EasyList blocking rules for all devices on the LAN or VPN, beyond the capabilities of client-specific plugins.
A combination of a proxy.pac file with Privoxy and a webserver for CSS rules that perform element blocking is used to implement all the features of EasyList blocking rules.
Blocking capability | Browser Plugin | proxy.pac | Privoxy | Privoxy+CSS |
---|---|---|---|---|
EasyList regex rules | ✅ | ✅ | ✅ | ✅ |
EasyList element hiding | ✅ | ❌ | ❌ | ✅ |
HTTP | ✅ | ✅ | ✅ | ✅ |
HTTPS | ✅ | ✅ | ❌ | ❌ |
Client-level | ✅ | ✅ | ✅ | ✅ |
Kernel-level | ❌ | ✅ | ✅ | ✅ |
Network-level | ❌ | ✅ | ✅ | ✅ |
Large rulesets | ✅ | ❌ | ✅ | ✅ |
Download the proxy.pac file.
On macOS (without Server.app):
sudo cp ~/Downloads/proxy.pac /Library/WebServer/Documents
sudo apachectl start
Set your network Proxy Auto Configuration setting to:
http://localhost/proxy.pac
or http://host-ip-address/proxy.pac
Advantages
proxy.pac
file.proxy.pac
file and filter rules.
Disadvantages
FindProxyForURL
Many EasyList rules use URL path information to determine if the request should be blocked or not. Because the full URL with its path is necessarily visible to the browser, this information can be passed to the Proxy Autoconfig file, even if the URL uses HTTPS, which is an advantage of using a PAC file for filtering.
However, this behavior presents a security vulnerability if the OS is configured to use a malicious PAC file. This issue can affect any browser, including Chrome and Safari.
Recent versions of Chrome and Firefox are configured to only send the domain name to the FindProxyForURL function, which closes this potential security vulnerability, but also prevents blocks based on URL path information.
To allow this blocking capability:
Chrome: set the policy PacHttpsUrlStrippingEnabled to be false. In macOS:
defaults write com.google.Chrome PacHttpsUrlStrippingEnabled -bool false
Firefox: set network.proxy.autoconfig_url.include_path to be true using the Firefox link about:config.
Configure an OpenVPN Server to use the proxy.pac file hosted on your LAN.
This is the best option.
Advantages
proxy.pac
file and filter rules.
Disadvantages
Set your network Proxy Auto Configuration setting to:
https://raw.githubusercontent.com/essandess/easylist-pac-privoxy/master/proxy.pac
Advantages
Disadvantages
proxy.pac
integrity.
Using EasyList rules in a proxy.pac file provides these benefits:
The script easylist_pac.py downloads EasyList and EasyPrivacy rules and converts these to a combination of very efficient JavaScript hash lookups and efficient NFA regular expressions. The size of the PAC file and rulesets are limited in the posted example to a total of over fifteen thousand rules (18788) to ensure efficient execution on modern mobile devices. For full rulesets, use in conjunction with a browser plugin and/or Privoxy.
Example hash (exact match) blocking entries look like:
"tracker.myseofriend.net"
"adwiretracker.fwix.com"
Example regular expression blocking rules look like:
online.*/promoredirect?key=
secureprovide1.com/*=tracking
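The hash-plus-regex lookup described above, and the effect of HTTPS URL stripping on path-based rules, as an added JavaScript sketch (not the repo's generated proxy.pac). The blackhole address, the helper names wildcardToRegExp and strippedForPac, and the sample URL are assumptions, and the two sample patterns are treated as EasyList wildcard rules.

```javascript
// Added illustration, not the generated proxy.pac. BLACKHOLE is a constructed
// placeholder; the real file's blackhole address comes from easylist_pac.py -b.
var BLACKHOLE = "PROXY 127.0.0.1:8119";

// Exact-match hosts: one property lookup per request (entries quoted above).
var badHosts = Object.create(null);
["tracker.myseofriend.net", "adwiretracker.fwix.com"].forEach(function (h) {
  badHosts[h] = true;
});

// Assumption: sample patterns are EasyList wildcard rules. Escape regex
// metacharacters so "." and "?" match literally, then map "*" to ".*".
function wildcardToRegExp(rule) {
  var escaped = rule.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp(escaped.replace(/\*/g, ".*"), "i");
}

var badUrlPatterns = [
  "online.*/promoredirect?key=",
  "secureprovide1.com/*=tracking"
].map(wildcardToRegExp);

// Standard PAC entry point: `url` is whatever the browser chooses to pass.
function FindProxyForURL(url, host) {
  if (badHosts[host.toLowerCase()]) return BLACKHOLE;
  for (var i = 0; i < badUrlPatterns.length; i++) {
    if (badUrlPatterns[i].test(url)) return BLACKHOLE;
  }
  return "DIRECT";
}

// Model of HTTPS URL stripping: only scheme and host reach the PAC script.
function strippedForPac(url) {
  var m = /^(https:\/\/[^\/?#]+)/i.exec(url);
  return m ? m[1] + "/" : url;
}

// Constructed sample request, evaluated with the full and the stripped URL.
var sample = "https://secureprovide1.com/click?id=7&src=tracking";
console.log(FindProxyForURL(sample, "secureprovide1.com"));
console.log(FindProxyForURL(strippedForPac(sample), "secureprovide1.com"));
```

Host-only entries keep working when the browser strips HTTPS URLs; only the path-dependent patterns stop matching.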
proxy.pac converter
python3 easylist_pac.py
python3 easylist_pac.py -h
python3 easylist_pac.py -b blackhole-ip-address:port -d download_dir -p proxy:port -P proxy.pac.orig
The new file proxy.pac will be created in the (default) ~/Downloads directory. See easylist_pac.py -h for options.
The repo adblock2privoxy is used to achieve nearly full EasyList rule capability, complete with element hiding.
After installing adblock2privoxy, an example production run with regular updates looks like:
adblock2privoxy -p /usr/local/etc/adblock2privoxy/privoxy -w /usr/local/etc/adblock2privoxy/css -d 10.0.1.3:8119 \
https://easylist.to/easylist/easyprivacy.txt \
https://easylist.to/easylist/easylist.txt \
https://easylist.to/easylist/fanboy-annoyance.txt \
https://easylist.to/easylist/fanboy-social.txt \
https://easylist-downloads.adblockplus.org/antiadblockfilters.txt \
https://easylist-downloads.adblockplus.org/malwaredomains_full.txt \
https://raw.githubusercontent.com/Dawsey21/Lists/master/adblock-list.txt
# then every few days
adblock2privoxy -t /usr/local/etc/adblock2privoxy/privoxy/ab2p.task
# restart privoxy, e.g. sudo port unload privoxy ; sudo port load privoxy
This proxy.pac is configured to block all known tracker and adware content at the network level. Many websites now offer an additional way to block ads: subscribe to their content. Security and privacy will always necessitate ad blocking, but now that this software has become mainstream with mainstream effects, ad blocker users must consider the potential impact of ad blocking on the writers and publications that are important to them. Personally, two publications that I gladly pay for, especially for their important US political and other coverage, are the New York Times and The Atlantic. I encourage all users to subscribe to their own preferred publications and writers.