Users of AdGuard for Windows, Mac, and Android may notice that AdGuard adds a small script to every web page, that is loaded from the
First of all, don't worry, this is not a real domain, and there is actually no real server with that name. This domain is used to apply cosmetic filtering to web pages, but everything is done locally right on your device without connecting to any server.
But what's going on and why is it done? Please read the technical explanation below.
- In order to do it AdGuard injects a "content script" that looks like this:
<script src="https://local.adguard.org/.../content-script.js">. This "content script" takes care of cosmetic filtering, hides or removes ad content from the web pages.
- Connections to the IP address of the
local.adguard.orgdomain are intercepted by AdGuard on the network level and processed locally. This is why that domain has a "static" IP address that does not change for years.
Why do we need to use a real IP address for that?
- We cannot use
127.0.0.1as the browsers won't accept it.
- Using some IP address from the private subnets is possible, but this solution has two downsides.
- First, there is a slight chance of intersecting with an existing intranet service and breaking access to it.
- Second, some DNS servers may consider this a DNS rebinding attack and refuse to respond to
This is easy to verify. If you disable AdGuard, you'll see that it is simply impossible to establish connection to
local.adguard.org since there is no server with that address. Just try opening it in your browser when AdGuard is disabled.