# nginx include file for blocking advert networks that have # been known or suspected to carry malware due to their low # quality control. # See https://ssb22.user.srcf.net/law/shady.html # (in some cases we had to summarily block two or more # networks without determining which one actually carried # the malware, which we feel is justified because the other # one's quality control was not high enough to avoid being # placed next to the malware-carrying one) # Public domain with NO WARRANTY. # To restart nginx after changing this: # killall -SIGHUP nginx # Note: needed to compile a separate nginx # with ngx_http_proxy_connect_module # (this is not provided by Debian packages, # even nginx-extra, hence we cannot simply # work this into the main nginx config. And # don't want to run the public server from # recompiled stuff not handled by packages.) # Your local-nginx.conf can look something like this # (you might want to add other things to it) : # user www-data; # worker_processes auto; # events { } # http { # access_log /dev/null; error_log /dev/null; # server_names_hash_bucket_size 128; # proxy_read_timeout 1000s; # proxy_set_header Host $host; # proxy_pass_header Server; # # ...add any other server { } blocks here... # include malblock-nginx.conf; # } # We listen on port 8888: ensure this is not visible from # outside, and set WiFi proxy to it on your devices. # -------------------------------------------------------- server { listen 8888; server_name *.1-1ads.com *.instui201.info *.ads.diamonds *.trackmedia101.com *.prod.adspsp.com *.edge.quantserve.com *.launch.newsinc.com *.taboola.com *.2mdn.net *.doubleverify.com *.springserve.com *.betrad.com *.b2rrns9dgbx56tf5kc.agency *.reactrjs.com *.xpanama.net *.quantserve.com *.scorecardresearch.com; server_name ads.diamonds trackmedia101.com prod.adspsp.com edge.quantserve.com launch.newsinc.com taboola.com 2mdn.net doubleverify.com springserve.com betrad.com b2rrns9dgbx56tf5kc.agency reactrjs.com xpanama.net quantserve.com scorecardresearch.com; server_name *.amazon-adsystem.com; server_name *.kuaptrk.com *.mirando.de kuaptrk.com mirando.de; server_name i89o780.xyz 88jo3157.xyz *.88jo3157.xyz *.i89o780.xyz; server_name outloginequity.com *.outloginequity.com; server_name variouscreativeformats.com *.variouscreativeformats.com; server_name fertilizerfruitful.com; server_name pocketdentistry.com; # hosted misleading link-like advert in mid-copy: server_name *.media.net *.keywordblocks.com; server_name js.qyqc4s.com ad.fx168api.com; server_name *.iyfubh.com; # domain-parking adverts causing infinite redirect # https://github.com/yuliskov/SmartTube/issues/4550 server_name *.espleestrick.com; return 200; } server { listen 8888; server_name ~.+; resolver 8.8.8.8; # note: 'resolver' directive must be BEFORE proxy_connect, or it won't take effect. # (e.g. GPO overblocked innovationorigins.com which Wen wanted to see 2021-01-02, manifested as Firefox security error, showed GPO block page when edited address to http) # Google: 8.8.8.8 # Quad9: 9.9.9.9 # CloudFlare: 1.1.1.1 # OpenDNS: 208.67.222.222 , 208.67.220.220 proxy_connect; proxy_max_temp_file_size 0; location / { proxy_pass http://$http_host$request_uri; } }