Adblock Plus

I saw an ad enforcing technique on http://noscript.net that breaks adblock.
Even though I have filter "http://ads." URL that redirect to "http://ads.doclix.com/" are fetched. Is there a way to avoid this?

Here's an example of what happens on noscript.no and produces a Google ad in left side iframe:

REQUEST
http://noscript.net/MFFUQx5U;X1NcWUge;U ... E;Hl5VRB8=;
RESPONSE
Location: http://ads.doclix.com/adserver/serve/js ... cript.net/

REQUEST
http://ads.doclix.com/adserver/serve/js ... cript.net/
RESPONSE
Set-Cookie: JSESSIONID=0AB653B9049BBAC14C7341C897700EC7; Path=/


REQUEST
http://noscript.net/D25rfCFr;YGxjZnch;b ... gf3p/;IWV8;
RESPONSE
Location: http://ads.doclix.com/adserver/serve/js/ad_popup.js


REQUEST
http://pagead2.googlesyndication.com/pa ... script.net
RESPONSE
The ads Google

As you see the main problem seems to be that response header "Location" is not intercepted and checked for blocking.

guestposter wrote:Is there a way to avoid this?

For now there isn't. But it's a known issue as far as I know, maybe it'll be fixed some day...

Until then you can do something like this: and it should whack them all.

Add or but the first filter is better.

I was not talking about this specific ad and how to get rid of it. I was using only using noscript.net to illustrate a specific technique that seems to be able to break Adblock in a very effective way.

The solution seems very simple: Also filter response header "Location:". I hope it is technically possible to do so with Adblock. Otherwise I think the effectiveness of Adblock may deteriorate over time as more sites discover this technique and start employing it.

guestposter wrote:I hope it is technically possible to do so with Adblock.

It's a Firefox bug, but like I said Wladimir is already aware of it.

If widespread abuse is what it takes for the bug to gain priority then so be it. But in the end those kind of ads can still be blocked, and there are other features and fixes that also need attention...

Ok. Thank you.

Is this the bug you refer to?

"HTTP redirects can bypass content policies"
https://bugzilla.mozilla.org/show_bug.cgi?id=431782

Yes, that's the one.

Yuck. This bug does worry me. I really hope Firefox has it fixed soon.

It's actually interested me for a while. If you use the extension "requestpolicy," you have to allow requests from youtube.com to googlevideo.com to watch any youtube videos, yet filtering *googlevideo* in ABP does nothing.

If you use the "blocksite" extension, you can blacklist *googlevideo* in blacklist mode, or not include it in whitelist mode, and it has the same effect again. But stll, ABP can't block this bypass.

'Tis a shame. This bug has freakin' layers.

Even more interesting, there are some youtube videos that invoke a further request from googlevideo.com to 74.125.x.x. That's only one example. If you want to watch comedy central videos while using requestpolicy, you'll find even more concatenated requests. The power of a site to force you to watch ads, or as an exploit venue, is scary.