Skip to content
This repository has been archived by the owner. It is now read-only.

Fixed adblocking on SFGate.com #6635

Closed
lukemulks opened this issue Jan 14, 2017 · 1 comment
Closed

Fixed adblocking on SFGate.com #6635

lukemulks opened this issue Jan 14, 2017 · 1 comment

Comments

@lukemulks
Copy link
Collaborator

@lukemulks lukemulks commented Jan 14, 2017

Test plan

  1. Shields Up on Desktop or Tablet (landscape orientation)
  2. Go to: http://www.sfgate.com/news/article/before-after-storm-California-flood-ca-drought-10851105.php?google_editors_picks=true#item-44548
  3. There should NOT be ads shown

Original issue description

Did you search for similar issues before submitting this one?
Yes

Describe the issue you encountered:
On desktop, and from my Nexus9 Android Tablet (landscape orientation), the following SFGate URL loaded ads:
http://www.sfgate.com/news/article/before-after-storm-California-flood-ca-drought-10851105.php?google_editors_picks=true#item-44548

Ads loaded in tablet: landscape
Ads loaded on desktop (windows10)
Ads did not load on my Nexus5 phone

Expected behavior:
Ads should be blocked, but SFGate is calling the ad library and subsequent logic through two separate, custom calls.

Resolution to test:

SFGate is using 2 separate calls, both custom, to load the request library and load/form the actual ad requests. Details below to resolve.

Request 1 calls Hearst custom ad library _(peas)_: http://aps.hearstnp.com/Scripts/loadAds.js
Request 1: RESPONSE

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-CDN-Rule: fetch: 20min JS scripts
Content-Length: 372
Accept-Ranges: bytes
Date: Sat, 14 Jan 2017 07:44:44 GMT
Via: 1.1 varnish
Age: 256
X-Served-By: cache-sjc3621-SJC
X-Cache: HIT
X-Cache-Hits: 48
X-Timer: S1484379884.732511,VS0,VE0
Vary: Accept-Encoding
Proxy-Connection: Keep-alive

/*********************** Environment specific variable ***********************/
var loadAd_UrlLocation = ('https:' == document.location.protocol ? 'https:' : 'http:') + "//aps.hearstnp.com/";

/*********************** Load Main file for serving ads ***********************/
var mainFile = loadAd_UrlLocation + 'Scripts/loadAdsMain.js';
document.write('<scr' + 'ipt id="loadAdConfig" type="text/javascript" src="' + mainFile + '"><\/scr' + 'ipt>');

Request 2 calls the actual headers and ad slot definitions to the page _(carrots)_: http://aps.hearstnp.com/SRO/GetJS?url=www.sfgate.com/news/article/before-after-storm-California-flood-ca-drought-10851105.php%3Fgoogle_editors_picks%3Dtrue

(I'll leave the full response to Request 2 off this, but it's long and includes all the ad logic you'd typically observe called to the page head)

The trick they use is to hide the library call for request 1, and then mask request 2 using the environment specific variable to load the URL location as if it was requesting the actual URL.

Blocking this URL should result in a fix
http://aps.hearstnp.com/Scripts/loadAds.js

@lukemulks lukemulks self-assigned this Feb 2, 2017
@lukemulks lukemulks added this to the 0.13.3 milestone Feb 2, 2017
@lukemulks lukemulks modified the milestones: 0.13.4, 0.13.5 Feb 15, 2017
@lukemulks
Copy link
Collaborator Author

@lukemulks lukemulks commented Mar 14, 2017

Tested a fix with a custom filter in about:adblock that blocked the hearst calls for this and any other hearst domains outside of SFGate.com.

Closing the issue here, migrating to here: brave/adblock-lists#15 where I am submitting a PR tonight to fully resolve.

Two other shield-evading requests were discovered, one for sailthru (aggregator) and another that Google is using to sniff for blocking and pass data. Those will be submitted with this update.

@lukemulks lukemulks closed this Mar 14, 2017
@alexwykoff alexwykoff mentioned this issue Mar 14, 2017
0 of 44 tasks complete
@alexwykoff alexwykoff changed the title SFGate.com - custom ad calls evading blocking on tablets & desktop (siteHack-level) Fixed adblocking on SFGate.com Mar 30, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.