To protect me and all my precious devices from ad-ware and commercial stuff I decided to user my little raspberry pi as a Squid3 proxy server with user authentication and ad-blocking.
Now I start with the installation of squid
sudo aptitude update sudo aptitude install squid3
Create a the user database file:
sudo touch /etc/squid3/squid_passwd sudo chmod o+r /etc/squid3/squid_passwd
Add the first user:
sudo htpasswd /etc/squid3/squid_passwd knogge New password: Re-type new password: Adding password for user knogge
Locate the “ncsa_auth” package
find / -name ncsa_auth 2>&1 | grep -v "Permission denied" /usr/lib/squid3/ncsa_auth
Now its time to modify the squid3.conf and enable the password authentication:
# find the auth_param section and add the following auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd # create an ACL that force the user authentication acl ncsa_users proxy_auth REQUIRED # find the http_access section and appand this entry http_access allow ncsa_users
Now the “ad blocker” has to be added
. It is not really an add-blocker in the common sense but there are blacklists out there in the Internet and they are maintained very well. You can either get theses lists and block them via iptables or directly through your proxy server.
Add a folder for the black-list file
sudo mkdir /etc/squid3/block sudo chmod 777 /etc/squid3/block
Now add the following code to your squid.conf on the coresponding places. Make sure that the deny rule is before the allow ncsa.
## disable ads ( http://pgl.yoyo.org/adservers/ ) acl ads dstdom_regex "/etc/squid3/block/ad_block.txt" http_access deny ads #deny_info TCP_RESET ads
Now everything is done. REally everything ? Well no you need to get the ad_blocklist:
#!/bin/bash ## get new ad server list wget -O /etc/squid3/block/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext' # refresh squid /usr/sbin/squid3 -k reconfigure
Now add this to a script file called e.g. fetch_block_list.sh and make it executable. Further add it to the your contab
cd /etc/squid3 sudo nano fetch_block_list.sh # now add the script from abouve here and store it with SRTG+O, SRTG+X sudo chmod 755 fetch_block_list.sh
Now just add it to the /etc/crontab to fetch the list once a day at 6 am.
0 6 * * * /etc/squid3/fetch_adserver.sh >> /dev/null 2>&1