Ceux qui me côtoient savent que la préservation de ma vie privée m’importe, notamment la numérique : pas de réseau social, PC/tablettes et smartphones sous VPN ou proxy voire Tor, auto-hébergement autant que possible des services que j’utilise (ou de leurs alternatives), gestion de mes caméras et tout le toutim.
Et j’utilise des navigateurs qui ne se paient pas sur mon dos, à savoir en ce moment Librewolf & Safari. Et à chaque page chargée, ils envoient l’info que j’utilise Windows, Linux, Android ou macOS, en anglais ou en français etc.
Vous pouvez faire un avant/après pour tester l’efficacité de vos filtres via https://adblock.turtlecute.org/
À la maison, c’est très simple, pour le WiFi/Ethernet : tout passe par mon serveur AdGuardHome, qui sert de serveur DNS et filtre les requêtes et réponses, qui lui-même passe par à Unbound, qui est un résolveur DNS avec un cache, le tout avec une petite couche de Redis, qui sert de cache.
Le but ? Améliorer la rapidité des réponses en les mettant en cache. Vu qu’on interroge très souvent les mêmes sites (joindre un moteur de recherche, consulter les emails, services de mises à jour etc), on gagne quelques millisecondes et ça fait moins travailler AGH, donc la machine qui l’héberge, puisqu’il trouve de suite ses réponses à nos requêtes DNS.
Ce n’est que de la logique, exprimée par de la technique.
Le mieux dans tout ça ? C’est que grâce à imTHAI ça s’installe en 2-2 via Docker 🙂
Alors c’est simple, si vous avez un minimum de connaissances en Linux ou envie de chercher/apprendre un peu, avez une machine sous Linux qui tourne 24/7 et souhaitez maîtriser votre Internet en bloquant pubs, traqueurs, porno, réseaux sociaux, etc.
Il faut d’abord une IP dédiée (192.168.0.64 chez moi) sur le réseau pour le résolveur DNS, qui sera ensuite à configurer sur tous les PCs, smartphones, tablettes, serveurs, consoles, TVs, etc ou, plus simple, à configurer sur la box FAI ou sur un routeur, de cette manière on évite de configurer chaque équipement de la maison.
Chez Free je pouvais mettre ce DNS dans la box mais avec Orange, j’ai dû ajouter un routeur qui gère mon réseau…
docker network create -d macvlan -o parent=enp2s0 --subnet=192.168.0.0/24 --gateway=192.168.0.1 adguardhome192.168.0.0/24 : mon réseau local
192.168.0.1 : mon routeur
adguardhome : le nom du réseau Docker que je veux créer
enp2s0 : interface Internet du serveur qui héberge AGH. On le voit en les affichant via ifconfig
root@StreamBox:/home/aerya# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 16:de:f6:6b:4c:fd txqueuelen 0 (Ethernet)
RX packets 10021780 bytes 3323597432 (3.3 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14490924 bytes 55250717505 (55.2 GB)
TX errors 0 dropped 11 overruns 0 carrier 0 collisions 0
enp1s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 6c:4b:90:4e:5c:cf txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.163 netmask 255.255.255.0 broadcast 192.168.0.255
ether 40:ae:30:60:0d:84 txqueuelen 1000 (Ethernet)
RX packets 229046286 bytes 304037549338 (304.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 55202145 bytes 24158621961 (24.1 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 1183217 bytes 127910610 (127.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1183217 bytes 127910610 (127.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0On peut ensuite installer le Docker
services:
adguardhome:
image: ghcr.io/imthai/adguardhome-unbound-redis:latest
container_name: adguardhome
restart: always
volumes:
- /home/aerya/docker/adguardhome-unbound-redis:/config
ports:
- 53:53/tcp
- 53:53/udp
- 3000:3000/tcp
networks:
adguardhome:
ipv4_address: 192.168.0.64
labels:
- com.centurylinklabs.watchtower.enable=true
networks:
adguardhome:
external: true
name: adguardhome
Attention, dans cette configuration AGH <=> Unbound, c’est bien Unbound qui gère les requêtes DNS. AGH ne peut que contacter Unbound.
Par défaut dans ce Docker, Unbound fait les requêtes DNS à CloudFlare, comme indiqué dans ce fichier de configuration. Libre à vous de modifier/ajouter des résolveurs pour palier à une panne du DNS de Cloudflare ou tout simplement éviter d’éventuels censures, pistages ou poisoning.
Dans la configuration de base fournie avec ce Docker, vous pouvez par exemple commencer par décommenter les DNS de DNS4all, Quad9 et Yandex. IPv4 et/ou v6 selon l’Internet que vous avez chez vous.
Voici les stats depuis mon dernier reset de cet été.
Je ne vais pas détailler la configuration d’AdGuardHome puisqu’il suffit de lire. Voici les listes que j’utilise (qui se mettent dans le fichier de configuration AdGuardHome.yaml).
filters:
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
name: AdGuard DNS filter
id: 1
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
name: AdAway Default Blocklist
id: 2
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt
name: Dan Pollock's List
id: 1691514601
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_34.txt
name: HaGeZi Multi NORMAL
id: 1691514602
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt
name: The NoTracking blocklist
id: 1691514603
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
name: OISD Blocklist Big
id: 1691514604
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
name: Peter Lowe's Blocklist
id: 1691514605
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt
name: Steven Black's List
id: 1691514606
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_39.txt
name: Dandelion Sprout's Anti Push Notifications
id: 1691514607
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt
name: Dandelion Sprout's Game Console Adblock List
id: 1691514608
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt
name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
id: 1691514609
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
name: WindowsSpyBlocker - Hosts spy rules
id: 1691514610
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_29.txt
name: 'CHN: AdRules DNS List'
id: 1691514611
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_21.txt
name: 'CHN: anti-AD'
id: 1691514612
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_35.txt
name: 'HUN: Hufilter'
id: 1691514613
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_22.txt
name: 'IDN: ABPindo'
id: 1691514614
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_19.txt
name: 'IRN: PersianBlocker list'
id: 1691514615
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_25.txt
name: 'KOR: List-KR DNS'
id: 1691514616
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_15.txt
name: 'KOR: YousList'
id: 1691514617
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_36.txt
name: 'LIT: EasyList Lithuania'
id: 1691514618
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_20.txt
name: 'MKD: Macedonian Pi-hole Blocklist'
id: 1691514619
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_13.txt
name: 'NOR: Dandelion Sprouts nordiske filtre'
id: 1691514620
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_41.txt
name: 'POL: CERT Polska List of malicious domains'
id: 1691514621
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_14.txt
name: 'POL: Polish filters for Pi-hole'
id: 1691514622
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_17.txt
name: 'SWE: Frellwit''s Swedish Hosts File'
id: 1691514623
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_26.txt
name: 'TUR: turk-adlist'
id: 1691514624
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_40.txt
name: 'TUR: Turkish Ad Hosts'
id: 1691514625
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_16.txt
name: 'VNM: ABPVN List'
id: 1691514626
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
name: Phishing URL Blocklist (PhishTank and OpenPhish)
id: 1691514627
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt
name: NoCoin Filter List
id: 1691514629
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt
name: Scam Blocklist by DurableNapkin
id: 1691514630
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt
name: ShadowWhisperer's Malware List
id: 1691514631
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt
name: Stalkerware Indicators List
id: 1691514632
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt
name: The Big List of Hacked Malware Web Sites
id: 1691514633
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt
name: Malicious URL Blocklist (URLHaus)
id: 1691514634
- enabled: true
url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
name: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
id: 1691514635
- enabled: true
url: https://adaway.org/hosts.txt
name: https://adaway.org/hosts.txt
id: 1691514636
- enabled: true
url: https://filters.adtidy.org/extension/chromium/filters/3.txt
name: https://filters.adtidy.org/extension/chromium/filters/3.txt
id: 1691514637
- enabled: true
url: https://filters.adtidy.org/extension/chromium/filters/10.txt
name: https://filters.adtidy.org/extension/chromium/filters/10.txt
id: 1691514638
- enabled: true
url: https://filters.adtidy.org/extension/chromium/filters/16.txt
name: https://filters.adtidy.org/extension/chromium/filters/16.txt
id: 1691514639
- enabled: true
url: https://filters.adtidy.org/extension/chromium/filters/11.txt
name: https://filters.adtidy.org/extension/chromium/filters/11.txt
id: 1691514640
- enabled: true
url: https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/black.list
name: https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/black.list
id: 1691515197
- enabled: true
url: https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.adblock
name: https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.adblock
id: 1691515198
- enabled: true
url: https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.txt
name: https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.txt
id: 1691515199
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt
id: 1691515201
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt
id: 1691515203
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/dyndns.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/dyndns.txt
id: 1691515205
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/hoster.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/hoster.txt
id: 1691515206
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/personal.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/personal.txt
id: 1691515207
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.winoffice.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.winoffice.txt
id: 1691515208
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.huawei.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.huawei.txt
id: 1691515209
- enabled: true
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.apple.txt
name: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.apple.txt
id: 1691515210
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/abuse-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/abuse-ags.txt
id: 1691515211
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/ads-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/ads-ags.txt
id: 1691515212
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/fraud-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/fraud-ags.txt
id: 1691515214
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/malware-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/malware-ags.txt
id: 1691515215
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/phishing-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/phishing-ags.txt
id: 1691515216
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/ransomware-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/ransomware-ags.txt
id: 1691515217
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/scam-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/scam-ags.txt
id: 1691515218
- enabled: true
url: https://blocklistproject.github.io/Lists/adguard/tracking-ags.txt
name: https://blocklistproject.github.io/Lists/adguard/tracking-ags.txt
id: 1691515219
- enabled: true
url: https://blocklistproject.github.io/Lists/adobe.txt
name: https://blocklistproject.github.io/Lists/adobe.txt
id: 1691515220
- enabled: true
url: https://winhelp2002.mvps.org/hosts.txt
name: https://winhelp2002.mvps.org/hosts.txt
id: 1699927409
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_38.txt
name: 1Hosts (mini)
id: 1699927410
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt
name: 1Hosts (Lite)
id: 1699927411
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_45.txt
name: HaGeZi's Allowlist Referral
id: 1699927412
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt
name: HaGeZi's Gambling Blocklist
id: 1699927413
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_44.txt
name: HaGeZi's Threat Intelligence Feeds
id: 1699927414
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt
name: Phishing Army
id: 1699927415
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt
name: uBlock₀ filters – Badware risks
id: 1699927416
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt
name: AdGuard DNS Popup Hosts filter
id: 1725834955
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_53.txt
name: AWAvenue Ads Rule
id: 1725834956
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt
name: OISD Blocklist Small
id: 1725834957
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_43.txt
name: 'ISR: EasyList Hebrew'
id: 1725834959
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_55.txt
name: HaGeZi's Badware Hoster Blocklist
id: 1725834960
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_48.txt
name: HaGeZi's Pro Blocklist
id: 1725834962
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/block_third_party_fonts.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/block_third_party_fonts.txt
id: 1727961503
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/antipaywall_filters_without_element_hiding.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/antipaywall_filters_without_element_hiding.txt
id: 1727961504
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/annoyance_list.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/annoyance_list.txt
id: 1727961505
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/click2load.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/click2load.txt
id: 1727961506
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/combined_annoyances_without_element_hiding
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/combined_annoyances_without_element_hiding
id: 1727961507
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/enhanced_site_protection.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/enhanced_site_protection.txt
id: 1727961508
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/personal.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/personal.txt
id: 1727961509
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/privacy_essentials.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/privacy_essentials.txt
id: 1727961510
- enabled: true
url: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/youtube_clear_view.txt
name: https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/youtube_clear_view.txt
id: 1727961511
- enabled: true
url: https://big.oisd.nl/
name: https://big.oisd.nl/
id: 1727961512
- enabled: true
url: https://raw.githubusercontent.com/ppfeufer/adguard-filter-list/refs/heads/master/blocklist
name: https://raw.githubusercontent.com/ppfeufer/adguard-filter-list/refs/heads/master/blocklist
id: 1730902707
- enabled: true
url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
name: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
id: 1730902708
- enabled: true
url: https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
name: https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
id: 1730902709
- enabled: true
url: https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
name: https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
id: 1730902710
- enabled: true
url: https://v.firebog.net/hosts/Prigent-Crypto.txt
name: https://v.firebog.net/hosts/Prigent-Crypto.txt
id: 1730902712
- enabled: true
url: https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
name: https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
id: 1730902715
- enabled: true
url: https://phishing.army/download/phishing_army_blocklist_extended.txt
name: https://phishing.army/download/phishing_army_blocklist_extended.txt
id: 1730902716
- enabled: true
url: https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
name: https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
id: 1730902717
- enabled: true
url: https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
name: https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
id: 1730902719
- enabled: true
url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
name: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
id: 1730902720
- enabled: true
url: https://urlhaus.abuse.ch/downloads/hostfile/
name: https://urlhaus.abuse.ch/downloads/hostfile/
id: 1730902721
- enabled: true
url: https://v.firebog.net/hosts/Easyprivacy.txt
name: https://v.firebog.net/hosts/Easyprivacy.txt
id: 1730902722
- enabled: true
url: https://v.firebog.net/hosts/Prigent-Ads.txt
name: https://v.firebog.net/hosts/Prigent-Ads.txt
id: 1730902723
- enabled: true
url: https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
name: https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
id: 1730902724
- enabled: true
url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
name: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
id: 1730902725
- enabled: true
url: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
name: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
id: 1730902726
- enabled: true
url: https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
name: https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
id: 1730902727
- enabled: true
url: https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
name: https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
id: 1730902728
- enabled: true
url: https://v.firebog.net/hosts/AdguardDNS.txt
name: https://v.firebog.net/hosts/AdguardDNS.txt
id: 1730902729
- enabled: true
url: https://v.firebog.net/hosts/Admiral.txt
name: https://v.firebog.net/hosts/Admiral.txt
id: 1730902730
- enabled: true
url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
name: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
id: 1730902731
- enabled: true
url: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
name: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
id: 1730902732
- enabled: true
url: https://v.firebog.net/hosts/Easylist.txt
name: https://v.firebog.net/hosts/Easylist.txt
id: 1730902733
- enabled: true
url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
name: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
id: 1730902734
- enabled: true
url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
name: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
id: 1730902735
- enabled: true
url: https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
name: https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
id: 1730902736
- enabled: true
url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
name: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
id: 1730902738
- enabled: true
url: https://v.firebog.net/hosts/static/w3kbl.txt
name: https://v.firebog.net/hosts/static/w3kbl.txt
id: 1730902739
- enabled: true
url: https://big.oisd.nl
name: https://big.oisd.nl
id: 1730902740
- enabled: true
url: https://raw.githubusercontent.com/jarelllama/Scam-Blocklist/main/lists/adblock/scams.txt
name: jarelllama/Scam-Blocklist
id: 1741237617
- enabled: true
url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/AntiPCPriceHiderList.txt
name: DandelionSprout/AntiPCPriceHiderList
id: 1741237618
- enabled: true
url: https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_trackers_justdomains.txt
name: AdguardTeam/cname-trackers
id: 1741237619
- enabled: true
url: https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/domains.txt
name: AmnestyTech/investigations/master/2021-07-18_nso
id: 1741237620
- enabled: true
url: https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
name: privacy-protection-tools/anti-AD
id: 1741237621
- enabled: true
url: https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/Anudeep-Youtube.txt
name: deathbybandaid/Anudeep-Youtube
id: 1741237622
- enabled: true
url: https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/malware/azorult.txt
name: maltrail/azorult
id: 1741237623
- enabled: true
url: https://badblock.celenity.dev/abp/microsoft.txt
name: https://badblock.celenity.dev/abp/microsoft.txt
id: 1741237624
- enabled: true
url: https://badblock.celenity.dev/nintendo.txt
name: https://badblock.celenity.dev/nintendo.txt
id: 1741237625
- enabled: true
url: https://raw.githubusercontent.com/stamparm/blackbook/master/blackbook.txt
name: stamparm/blackbook
id: 1741237626
- enabled: true
url: https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=bpc-paywall-filter.txt
name: bypass-paywalls
id: 1746911691
Et mes blocages ou passe-droits spécifiques qui sont entrés via la WebUI dans Filtres / Règles de filtrage personnalisées
# =====================================
# RÈGLES DE BLOCAGE (par ordre alphabétique)
# =====================================
||a.20minutes.fr^
||queue-it.net^
||a.vod.6cloud.fr^
||ad.doubleclick.net^
||adc3-launch.adcolony.com^
||adfox.yandex.ru^
||adfstat.yandex.ru^
||adm.hotjar.com^
||ads.linkedin.com^
||ads.pinterest.com^
||ads.tiktok.com^
||ads.yahoo.com^
||ads.youtube.com^
||ads-api.tiktok.com^
||ads-api.twitter.com^
||ads-sg.tiktok.com^
||ads30.adcolony.com^
||adserver.unityads.unity3d.com^
||adservetx.media.net^
||adservice.google.com^
||adsfs.oppomobile.com^
||adtago.s3.amazonaws.com^
||adtech.yahooinc.com^
||adx.ads.oppomobile.com^
||advertising-api-eu.amazon.com^
||advertising.apple.com^
||advertising.twitter.com^
||advice-ads.s3.amazonaws.com^
||afs.googlesyndication.com^
||an.facebook.com^
||analytics-api.samsunghealthcn.com^
||analytics.google.com^
||analytics.pinterest.com^
||analytics.pointdrive.linkedin.com^
||analytics.query.yahoo.com^
||analytics.s3.amazonaws.com^
||analytics.tiktok.com^
||analytics.yahoo.com^
||analytics-sg.tiktok.com^
||analyticsengine.s3.amazonaws.com^
||antenna.ayads.co^
||api-adservices.apple.com^
||api.ad.xiaomi.com^
||api.bugsnag.com^
||api.luckyorange.com^
||api.mouseflow.com^
||app-measurement.com^
||app.bugsnag.com^
||app.getsentry.com^
||appmetrica.yandex.ru^
||auction.unityads.unity3d.com^
||axate.io^
||bdapi-ads.realmemobile.com^
||bdapi-in-ads.realmemobile.com^
||blueconic.net^
||books-analytics-events.apple.com^
||boot.pbstck.com^
||browser.sentry-cdn.com^
||bugsnag.com^
||business-api.tiktok.com^
||c.ptgncdn.com^
||careers.hotjar.com^
||cdn-eu.realytics.net^
||cdn-test.mouseflow.com^
||cdn.luckyorange.com^
||cdn.mouseflow.com^
||ck.ads.oppomobile.com^
||claritybt.freshmarketer.com^
||click.googleanalytics.com^
||click.oneplus.cn^
||cloud-01.molotov.tv^
||config.unityads.unity3d.com^
||cs.luckyorange.net^
||cxense.com^
||data.ads.oppomobile.com^
||data.mistat.india.xiaomi.com^
||data.mistat.rus.xiaomi.com^
||data.mistat.xiaomi.com^
||deliver.ptgncdn.com^
||delivery.tf1.fr^
||diagnostics.meethue.com^
||diagnostics.meethue.com.home^
||ensighten.com^
||events.hotjar.io^
||events.reddit.com^
||events.redditmedia.com^
||events3alt.adcolony.com^
||evolok.net^
||extmaps-api.yandex.net^
||forcesafesearch.google.com^
||forcesafesearch.google.com.example.com^
||freshmarketer.com^
||fwtracks.freshmarketer.com^
||gemini.yahoo.com^
||geo.yahoo.com^
||google-analytics.com^
||grs.hicloud.com^
||gtm.mouseflow.com^
||hadrianpaywall.com^
||iadsdk.apple.com^
||identify.hotjar.com^
||insights.hotjar.com^
||intake.pbstck.com^
||iot-eu-logser.realme.com^
||iot-logser.realme.com^
||js.matheranalytics.com^
||js.pelcro.com^
||loader-cdn.azureedge.net^
||log.byteoversea.com^
||log.fc.yahoo.com^
||log.pinterest.com^
||logbak.hicloud.com^
||logservice.hicloud.com^
||logservice1.hicloud.com^
||luckyorange.com^
||m.doubleclick.net^
||media.net^
||mediavisor.doubleclick.net^
||metrika.yandex.ru^
||metrics.data.hicloud.com^
||metrics.icloud.com^
||metrics.mzstatic.com^
||metrics2.data.hicloud.com^
||mouseflow.com^
||newsmemory.com^
||nmetrics.samsung.com^
||notes-analytics-events.apple.com^
||notify.bugsnag.com^
||nqs.nice264.com^
||o2.mouseflow.com^
||offerwall.yandex.net^
||olytics.omeda.com^
||onecount.net^
||open.oneplus.net^
||pagead2.googleadservices.com^
||pagead2.googlesyndication.com^
||partnerads.ysm.yahoo.com^
||piano.io^
||pixel.facebook.com^
||poool.fr^
||proxy.nextinteractive.brightcove.services^
||pub-mp4.cdn-0.diff.tf1.fr^
||pub-mp4.cdn-1.diff.tf1.fr^
||pub-mp4.cdn-2.diff.tf1.fr^
||pub-mp4.cdn-3.diff.tf1.fr^
||pub-mp4.cdn-4.diff.tf1.fr^
||pub.3gppnetwork.org^
||qiota.com^
||realtime.luckyorange.com^
||samsungads.com^
||samsung-com.112.2o7.net^
||script.hotjar.com^
||sdkconfig.ad.intl.xiaomi.com^
||sdkconfig.ad.xiaomi.com^
||sessions.bugsnag.com^
||settings.luckyorange.net^
||smetrics.samsung.com^
||sophi.io^
||ssl.google-analytics.com^
||static.ads-twitter.com^
||static.doubleclick.net^
||static.media.net^
||stats.g.doubleclick.net^
||stats.wp.com^
||steadyhq.com^
||surveys.hotjar.com^
||t.360.audion.fm^
||tonos.gjirafa.tech^
||tools.mouseflow.com^
||tr.iadsdk.apple.com^
||tracker.port443.xyz.home^
||tracking.rus.miui.com^
||trc.taboola.com^
||trk.pinterest.com^
||udc.yahoo.com^
||udcm.yahoo.com^
||ultimedia.com^
||upload.luckyorange.net^
||w.usabilla.com^
||w1.luckyorange.com^
||wallkit.net^
||wd.adcolony.com^
||weather-analytics-events.apple.com^
||webview.unityads.unity3d.com^
||ws.batch.com^
||www.baidu.com^
||www.digiteka.com^
||www.qq.com^
||www.ultimedia.com^
||yggtorrent.do^
||zephr.com^
||acdid.cmd^
# =====================================
# RÈGLES D'AUTORISATION (par ordre alphabétique)
# =====================================
@@||0.5.1.4.d.2.e.f.f.f.d.e.7.9.6.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa^
@@||airvpn.org^
@@||celebjihad.com^
@@||checkout.stripe.com^
@@||controlpanel.newshosting.com^
@@||d3ward.github.io^
@@||daddylive.dad^
@@||datanodes.to^
@@||denofsimps.club^
@@||dns.adguard-dns.com^
@@||dns10.quad9.net^
@@||docker.stirlingpdf.com^
@@||eporner.com^
@@||faphouse.com^
@@||fbx-firmware.proxad.net^
@@||fileplanet.com^
@@||gatewaylogin.bot-captchacolver.ru^
@@||giphy.com^
@@||icanhazip.com^
@@||inference.location.live.net^
@@||ipinfo.io^
@@||ipv4.am.i.mullvad.net^
@@||kraken.com^
@@||linkedin.com^
@@||login.bot-captchacolver.ru^
@@||login.tailscale.com^
@@||ms-ads.prod.cloud.ogury.io^
@@||newshosting.com^
@@||ns0.fdn.fr^
@@||pkgs.tailscale.com^
@@||posthog.com^
@@||sentry.io^
@@||server.bot-captchacolver.ru^
@@||shadow.guru^
@@||shadow.tech^
@@||static-ca-cdn.eporner.com^
@@||static-eu-cdn.eporner.com^
@@||tapochek.net^
@@||tracker.pornbay.wtf^
@@||ubiservices.data.ubi.com^
@@||us1.locationiq.com^
@@||v4.ident.me^
@@||vlscppe.microsoft.com^
@@||ww1.deemix.app^
@@||www.airvpn.org^
@@||www.celebjihad.com^
@@||www.driveridentifier.com^
@@||www.eporner.com^
@@||www.faphouse.com^
@@||www.msftconnecttest.com^
@@||www.newshosting.com^
@@||www.posthog.com^
@@||whatismyip.akamai.com^
@@||whatsapp.com^
@@||whatsapp.net^
@@||youtube.com^
@@||airvpn.org^$important
@@||www.getfoxyproxy.org^$important
@@||getfoxyproxy.org^$important
@@||ip-api.com^$important
@@||ajax.googleapis.com^
@@||ajax.aspnetcdn.com^
@@||ajax.microsoft.com^
@@||cdnjs.cloudflare.com^
@@||code.jquery.com^
@@||cdn.jsdelivr.net^
@@||fonts.googleapis.com^
@@||yastatic.net^
@@||yandex.st^
@@||apps.bdimg.com^
@@||libs.baidu.com^
@@||cdn.staticfile.org^
@@||cdn.bootcss.com^
@@||mat1.gtimg.com^
@@||lib.sinaapp.com^
@@||upcdn.b0.upaiyun.com^
@@||stackpath.bootstrapcdn.com^
@@||maxcdn.bootstrapcdn.com^
@@||netdna.bootstrapcdn.com^
@@||use.fontawesome.com^
@@||ajax.cloudflare.com^
@@||akamai-webcdn.kgstatic.net^
@@||gitcdn.github.io^
@@||vjs.zencdn.net^
@@||cdn.plyr.io^
@@||cdn.materialdesignicons.com^
@@||cdn.ravenjs.com^
@@||js.appboycdn.com^
@@||cdn.embed.ly^
@@||cdn.datatables.net^
@@||mathjax.rstudio.com^
@@||cdn.mathjax.org^
@@||code.createjs.com^
@@||sdn.geekzu.org^
@@||ajax.proxy.ustclug.org^
@@||unpkg.com^
@@||pagecdn.io^
@@||cdnjs.loli.net^
@@||ajax.loli.net^
@@||fonts.loli.net^
@@||lib.baomitu.com^
@@||cdn.bootcdn.net^
@@||fonts.gstatic.com^
@@||ajax.loli.net.cdn.cloudflare.net^
@@||akamai-webcdn.kgstatic.net.edgesuite.net^
@@||apps.bdimg.jomodns.com^
@@||cdn.bootcdn.net.maoyundns.com^
@@||cdn.bootcss.com.maoyundns.com^
@@||cdn.embed.ly.cdn.cloudflare.net^
@@||cdn.jsdelivr.net.cdn.cloudflare.net^
@@||cdnjs.loli.net.cdn.cloudflare.net^
@@||cds.s5x3j6q5.hwcdn.net^
@@||developer.n.shifen.com^
@@||dualstack.osff.map.fastly.net^
@@||fonts.loli.net.cdn.cloudflare.net^
@@||gateway.cname.ustclug.org^
@@||gstaticadssl.l.google.com^
@@||iduwdjf.qiniudns.com^
@@||lb.sae.sina.com.cn^
@@||lib.baomitu.com.qh-cdn.com^
@@||mat1.gtimg.com.tegsea.tc.qq.com^
@@||materialdesignicons.b-cdn.net^
@@||mscomajax.vo.msecnd.net^
@@||sdn.inbond.gslb.geekzu.org^
@@||use.fontawesome.com.cdn.cloudflare.net^
@@||vo.aicdn.com^
@@||i.postimg.cc^
@@||ww1.lusthive.org^$important
@@||steamrip.com^$important
@@||tiplex.carrd.co^$important
@@||tpx-app.carrd.co^$important
@@||live-tpx.carrd.co^$important
@@||onlyfans.wtf^$important
@@||www.facebook.com^$important
@@||mullvad.net^$important
@@||www.instagram.com^$important
@@||static.cdninstagram.com^$important
@@||secure.gravatar.com^$important
@@||gamecopyworld.com^$important
@@||client.packetstream.io^$important
@@||perr.l-err.biz^$important
@@||perr.bright-sdk.com^$important
@@||perr.l-agent.me^$important
@@||earnapp.com^$important
@@||api.packetstream.io^$important
@@||analytics.propz.de^$important
@@||packetstream.io^$important
@@||cloudflare-dns.com^$important
@@||checkip.amazonaws.com^$important
@@||api.ipify.org^$importantQuant aux smartphones, en ce moment nous sommes sur iPhone, on peut filtrer efficacement de 2 manières mais dans tous les cas en passant par un VPN. Soit en installant un serveur VPN à la maison, qui utilise le DNS local et en mettant le client sur smartphone soit en utilisant un VPN « commercial » qui permet de filtrer les DNS.
Ayant un compte AirVPN (lien sponso) depuis des années je me contente d’utiliser ce dernier, avec ces filtres DNS (à configurer chez eux)
Pour l’utiliser il faut créer un profil Wireguard et l’installer/activer après avoir installé Wireguard.
Des clients me demandaient souvent comment filtrer le surf de leurs enfants. Si cette solution de serveur DNS hébergé permet de filtrer au mieux l’accès aux réseaux sociaux, porno etc, rien n’est 100% sécurisé ni fiable. On le sait tous, il n’y a rien de plus simple que d’accéder à du contenu porno par Internet : chats, messageries, forums, blogs, galeries etc. Sans compter que désactiver un VPN sur un smartphone n’est pas impossible même si des outils de contrôle parental peuvent le compliquer. Et on sait tous qu’en discutant à droite à gauche on a vite fait d’obtenir des infos pour passer outre les blocages.
J’informais mes clients que ces solutions sont seulement contraignantes mais absolument pas pérennes, selon l’âge et la maturité des bambins.
Bonus : quelques extensions Librewolf liées à cette thématique :
Sponsorblock pour bloquer pubs et passages de sponsoring sur YouTube
Disable WebRTC pour empêcher le leak d’IP
LocalCDN pour limiter le tracking
uBlock Origin pour filtrer publicités et tracking (mais ne suffit pas, loin de là)
Firefox Multi-Account Containers pour faire de l’isolation de containers (onglets) et limiter le tracking du navigateur quand on va sur Amazon etc
Temporary Containers qui fait comme au-dessus mais un peu plus poussé
