GlimmerBlocker

HTTP based ad blocker for Mac OS X

No hacks, no instability
Upgrade Safari whenever you like, no need to wait for an upgraded hack

GlimmerBlocker is no longer maintained and should no longer be used: web sites have migrated from plain http to https (i.e. encrypted), which prevents modification by a proxy unless you resort to installing custom SSL certificates on the client.

You should use a browser extension instead.

It was made as a hobby project during 2007-2008 by Peter Speck. It features both a custom http server and http client and a Mac OS X control panel.

GlimmerBlocker did not only block requests but also allowed for adding custom css and javascript to the pages. It also allowed for modification of the page html before the browser receives the html, which made some modifications much easier than DOM based modifications.

Little Snitch

When using Little Snitch you must allow GlimmerBlocker to make network connections as all http requests will be made by GlimmerBlocker instead of e.g. Safari.

During (or right after) installation, you will be prompted to permit network access:

Note:

  1. You must select Forever to permit GlimmerBlocker network access after restarting your mac and after deactivation/activation of GlimmerBlocker.
  2. You must select Any Connection to be able to browse all websites. Just after installation GlimmerBlocker downloads the default filters and therefore it is highly probable that the first permission dialog has "glimmerblocker.org" as the host. Restricting to port 80 does not work for all web sites as some sites use e.g. port 8080.
  3. You must click Allow.

All traffic comes from GlimmerBlocker?

Little Snitch intercepts traffic when it leaves your Mac, and not traffic between applications on your mac. Therefore, it will think that all http traffic now comes from GlimmerBlocker instead of Safari, NetNewsWire, etc.

When you use GlimmerBlocker (without Little Snitch) the flow is: Safari → GlimmerBlocker → website

When you use GlimmerBlocker and Little Snitch the flow is: Safari → GlimmerBlocker → Little Snitch → website

The proper flow would be Safari → Little Snitch → GlimmerBlocker → website
but this requires reengineering of Little Snitch. It is not something GlimmerBlocker can do.

Workaround #1

If you configure the network settings to dynamically select the proxy using a PAC script, you can make Safari use GlimmerBlocker and all other apps use direct connections. (requires GlimmerBlocker version 1.4.4 or later)

There are 5 steps:

Step 1

Create your own filter.

Step 2

Copy the xml snippet below, and paste it into the "Rules in..." for your filter. You will then get a rule which creates such a dynamic PAC script.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<glimmerblocker-rules>
    <rule priority="2" type="request" host="127.0.0.1" host-type="is" path="/rule/pac" path-type="is">
        <comments><![CDATA[Proxy PAC file.]]></comments>
        <request language="js" version="1"><![CDATA[gb.response.contentType = 'application/x-ns-proxy-autoconfig';
gb.response.headers['Cache-Control'] = 'max-age=1800';
var ua = gb.request.headers['User-Agent'];
ua = ua && ua.length && ua[0] ? ua[0] : 'Unknown'; // safe deref list

//gb.log("127.0.0.1 pac script v2, ua = %o", ua);

var condition;

if (ua.match(/Firefox/)) // Firefox doesn't like HTTPS proxying
{
     condition = "url.match(/^https:/) || host == 'localhost' || host == '127.0.0.1'";
} 
else if (ua.match(/Safari|WebProcess|PluginProcess|Opera|Camino|Chrome|com\.apple\.WebKit\.Networking|CFNetwork/)) 
{
     // Safari uses com.apple.Webkit.Networking as User Agent when requesting proxy autoconfiguration in OS X 10.9 Mavericks
     condition = "host == 'localhost' || host == '127.0.0.1'";
}
else
{
     condition = 'true';
}

t = "function FindProxyForURL(url, host) { return (" + condition + ") ? 'DIRECT' : 'PROXY 127.0.0.1:8228'; }\n";]]></request>
    </rule>
</glimmerblocker-rules>

The filter has been updated with support for Lion/Safari 5.1 (thanks to Stefan Schmidt) and for OSX 10.9/Mavericks (thanks to Niklas Bölter).

Step 3

Open the "Network" System Preferences Panel. You need to do step 4 for all of the connections you use (e.g. Ethernet, AirPort).

Step 4

Click the "Advanced" button. Select the "Proxies" tab. Check the "Automatic Proxy Configuration" item, and in the URL field enter "http://127.0.0.1:8228/rule/pac". Uncheck "Web Proxy (HTTP)". Beware that GlimmerBlocker enables it again each time you activate GlimmerBlocker unless you perform the following step and select "no" each time GlimmerBlocker is activated/deactivated.

Step 5

Open GlimmerBlocker, select the "Network" pane and check "Ask for confirmation of changes to http-proxy".

Workaround #2

macosxhints has published a workaround. This makes Safari use GlimmerBlocker as proxy, and all other applications use a direct connection. This workaround requires you to be able to install a php script on the Mac's local web server.

A more elaborate PAC configuration

This configuration makes Safari bypass GlimmerBlocker for all calls to hosts on the local network. This is useful if you have web servers (or e.g. printers with a web interface) which should not be handled by GlimmerBlocker.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<glimmerblocker-rules>
    <rule priority="2" type="request" host="127.0.0.1" host-type="is" path="/rule/pac" path-type="is">
        <comments><![CDATA[Proxy PAC file.]]></comments>
        <request language="js" version="1"><![CDATA[// http://www.proxypacfiles.com/proxypac/index.php?option=com_content&view=article&id=55&Itemid=84

gb.response.contentType = 'application/x-ns-proxy-autoconfig';
gb.response.headers['Cache-Control'] = 'max-age=1800';
var ua = gb.request.headers['User-Agent'];
ua = ua && ua.length && ua[0] ? ua[0] : 'Unknown'; // safe deref list

//gb.log("127.0.0.1 pac script v2, ua = %o", ua);

var prefix = "function FindProxyForURL(url, host) {\n";
var suffix = "}\n";

// "\\." is needed so the generated PAC contains /\.local$/ (a literal dot).
var cond1 = "isPlainHostName(host) || host.match(/\\.local$/)";

var cond2 = "isInNet(ip, '10.0.0.0', '255.0.0.0')" +
    " || isInNet(ip, '172.16.0.0', '255.240.0.0')" +
    " || isInNet(ip, '192.168.0.0', '255.255.0.0')" +
    " || isInNet(ip, '127.0.0.0', '255.255.255.0')";

var ipCheck = "var ip = dnsResolve(host);\n" +
    "return " + cond2 + " ? 'DIRECT' : 'PROXY 127.0.0.1:8228';\n";

if (ua.match(/Firefox/)) // Firefox doesn't like HTTPS proxying
{
     t = prefix + "if (url.match(/^https:/) || " + cond1 + ") return 'DIRECT';\n" + ipCheck + suffix;
} 
else if (ua.match(/Safari|WebProcess|PluginProcess|Opera|Camino|Chrome|com\.apple\.WebKit\.Networking/)) 
{
     // Safari uses com.apple.Webkit.Networking as User Agent when requesting proxy autoconfiguration in OS X 10.9 Mavericks
     t = prefix + "if (" + cond1 + ") return 'DIRECT';\n" + ipCheck + suffix;
}
else
{
     t = prefix + "return 'DIRECT';\n" + suffix;
}]]></request>
    </rule>
</glimmerblocker-rules>

Thanks to Johan Björklund for this addition.
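
To check which connections this PAC sends through GlimmerBlocker and which go direct, the following added example (not part of GlimmerBlocker or of the original page) rebuilds the PAC text with the same branching as the rule and evaluates it offline. The helper stubs, the DNS table, the User-Agent strings and the names buildPac and route are assumptions made for the example; the ".local" test is written with a doubled backslash so that the generated PAC matches a literal dot.

```javascript
// Added example: offline evaluation of the PAC text the rule above generates.
// PAC helper stubs; the DNS table is constructed sample data, not real lookups.
const DNS = { 'printer.lan.example': '192.168.1.20', 'www.example.com': '203.0.113.10' };
const toInt = ip => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);
const pacHelpers = {
  isPlainHostName: host => !host.includes('.'),
  dnsResolve: host => (/^\d+(\.\d+){3}$/.test(host) ? host : DNS[host] || null),
  isInNet: (ip, net, mask) =>
    !!ip && ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(net) & toInt(mask)) >>> 0),
};

// Same branching as the rule; returns the PAC source for one User-Agent.
function buildPac(ua) {
  // "\\." in this string literal becomes "\." in the generated PAC regex.
  const cond1 = "isPlainHostName(host) || host.match(/\\.local$/)";
  const cond2 = "isInNet(ip, '10.0.0.0', '255.0.0.0')" +
    " || isInNet(ip, '172.16.0.0', '255.240.0.0')" +
    " || isInNet(ip, '192.168.0.0', '255.255.0.0')" +
    " || isInNet(ip, '127.0.0.0', '255.255.255.0')";
  const ipCheck = "var ip = dnsResolve(host);\n" +
    "return " + cond2 + " ? 'DIRECT' : 'PROXY 127.0.0.1:8228';\n";
  let body;
  if (/Firefox/.test(ua)) {
    body = "if (url.match(/^https:/) || " + cond1 + ") return 'DIRECT';\n" + ipCheck;
  } else if (/Safari|WebProcess|PluginProcess|Opera|Camino|Chrome|com\.apple\.WebKit\.Networking/.test(ua)) {
    body = "if (" + cond1 + ") return 'DIRECT';\n" + ipCheck;
  } else {
    body = "return 'DIRECT';\n";
  }
  return "function FindProxyForURL(url, host) {\n" + body + "}\n";
}

// Compile the PAC text with the stubs in scope and ask it about one URL.
function route(ua, url) {
  const names = Object.keys(pacHelpers);
  const find = new Function(...names, buildPac(ua) + "return FindProxyForURL;")(
    ...names.map(n => pacHelpers[n]));
  return find(url, new URL(url).hostname);
}

const SAFARI = 'Mozilla/5.0 (Macintosh) AppleWebKit/537.71 Version/7.0 Safari/537.71'; // constructed
for (const url of ['http://www.example.com/', 'http://printer.lan.example/',
                   'http://nas.local/', 'http://intranet/', 'http://www.examplelocal/']) {
  console.log(url.padEnd(30), route(SAFARI, url));
}
```

Any client whose User-Agent does not match one of the browser patterns gets a PAC that returns DIRECT for everything, so its traffic is neither filtered by GlimmerBlocker nor attributed to it by Little Snitch.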

Hint: get changes applied

When you update the PAC file the Mac doesn't know it. The network system preferences should have a "Refetch PAC" button like the "Renew DHCP Lease" button.

A workaround is to create another Network Location and switch between the two locations. Important: The two locations must result in a different ip-address, e.g. by having one location using DHCP and the other use a fixed ip-address.

Version 2.0.4 of Little Snitch

If you have version 2.0.4 of Little Snitch installed, please check that you are using "Core System Version" 387 and not 385. The latter is known to crash or completely deny network connections. If you have 385 installed, just download and install 2.0.4 once more as this will upgrade it to 387.