raspberry pi – squid3 proxy and ad blocker

To protect me and all my precious devices from ad-ware and commercial stuff, I decided to use my little Raspberry Pi as a Squid3 proxy server with user authentication and ad blocking.

Now I start with the installation of squid

sudo aptitude update
sudo aptitude install squid3

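Create the user database file. It holds the password hashes; o+r lets the authentication helper, which does not run as root, read it, but it also makes the hashes readable for every other local account: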

sudo touch /etc/squid3/squid_passwd
sudo chmod o+r /etc/squid3/squid_passwd

Add the first user:

sudo htpasswd /etc/squid3/squid_passwd knogge
New password: 
Re-type new password: 
Adding password for user knogge

Locate the “ncsa_auth” helper:

find / -name ncsa_auth 2>&1 | grep -v "Permission denied"
/usr/lib/squid3/ncsa_auth

Now it's time to modify the squid.conf and enable the password authentication:

# find the auth_param section and add the following
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd

# create an ACL that forces user authentication
acl ncsa_users proxy_auth REQUIRED

# find the http_access section and append this entry
http_access allow ncsa_users

Now the “ad blocker” has to be added. It is not really an ad blocker in the common sense, but there are blacklists out there on the Internet and they are maintained very well. You can either get these lists and block them via iptables or directly through your proxy server.

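Add a folder for the blacklist file. The list is written by the root cron job and only read by Squid, so the folder does not need to be world-writable:

sudo mkdir /etc/squid3/block
sudo chmod 755 /etc/squid3/block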

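Now add the following code to your squid.conf in the corresponding places. Make sure that the deny rule comes before the allow rule for ncsa_users, because Squid evaluates the http_access rules in order and stops at the first match.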

## disable ads ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/etc/squid3/block/ad_block.txt"
http_access deny ads
#deny_info TCP_RESET ads

Now everything is done. Really everything? Well, no: you still need to get the ad block list:

#!/bin/bash
## get new ad server list
wget -O /etc/squid3/block/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'
# refresh squid
/usr/sbin/squid3 -k reconfigure

Now save this as a script file called e.g. fetch_block_list.sh and make it executable. After that, add it to your crontab.

cd /etc/squid3
sudo nano fetch_block_list.sh
# now add the script from above here and store it with Ctrl+O, Ctrl+X
sudo chmod 755 fetch_block_list.sh

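Now just add it to the /etc/crontab to fetch the list once a day at 6 am. Entries in /etc/crontab need a user field (here root), and the path has to match the script created above:

0   6    *   *   * root /etc/squid3/fetch_block_list.sh >> /dev/null 2>&1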
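
The fetch script above writes whatever the server returns straight into the live ACL file, so a failed or tampered download over plain HTTP ends up in Squid's rule set. The following added example (not part of the original post) downloads to a temporary file, checks every line and only then replaces the list. The line pattern, MIN_ENTRIES and the --run switch are assumptions of this example; check the pattern against a real download before relying on it.

```bash
#!/bin/bash
# Added example, not the original post's script: fetch, validate, then swap in the list.
LIST_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'
LIST_FILE=/etc/squid3/block/ad_block.txt
# Assumed sanity floor for the number of entries; tune it to the size of the real list.
MIN_ENTRIES=${MIN_ENTRIES:-100}
# Assumed line shape of the squid-dstdom-regex format: (^|\.)ads\.example\.com$
LINE_RE='^[(]\^[|]\\[.][)][a-z0-9_-]+(\\[.][a-z0-9_-]+)+[$]$'

# validate_blocklist FILE: succeed only if FILE has at least MIN_ENTRIES well-formed
# lines and no other non-blank line (HTML error page, truncated download, stray pattern).
validate_blocklist() {
    [ -f "$1" ] || return 1
    vb_good=$(grep -Ec "$LINE_RE" "$1" || true)
    vb_bad=$(grep -Ev "$LINE_RE" "$1" | grep -vc '^[[:space:]]*$' || true)
    [ "$vb_good" -ge "$MIN_ENTRIES" ] && [ "$vb_bad" -eq 0 ]
}

# install_blocklist CANDIDATE LIVE: replace LIVE with CANDIDATE only if it validates.
# mv within one directory is a rename, so Squid never reads a half-written file.
install_blocklist() {
    validate_blocklist "$1" || { rm -f "$1"; return 1; }
    chmod 644 "$1" && mv -f "$1" "$2"
}

update_blocklist() {
    ub_tmp=$(mktemp "$(dirname "$LIST_FILE")/ad_block.XXXXXX") || return 1
    if wget -q -O "$ub_tmp" "$LIST_URL" && install_blocklist "$ub_tmp" "$LIST_FILE"; then
        # reload only if the configuration, including the new list, still parses
        /usr/sbin/squid3 -k parse >/dev/null 2>&1 && /usr/sbin/squid3 -k reconfigure
    else
        rm -f "$ub_tmp"
        echo "blocklist update rejected, keeping previous list" >&2
        return 1
    fi
}

# "--run" is a hypothetical switch of this example so the functions can be tested offline.
if [ "${1:-}" = "--run" ]; then
    update_blocklist
fi
```

With this variant the crontab entry calls the script with --run. A rejected download leaves the previous list in place.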

Sources:

HalfaGeek

calomel.org

pgl.yoyo.org

itbert

2 comments for “raspberry pi – squid3 proxy and ad blocker”

  1. Richard
    September 14, 2016 at 15:19

    Is it possible to combine this with the Pi hole? Would be a very effective combination: The Pi hole for http traffic, the proxy for all https traffic..

    • phil
      November 16, 2016 at 16:14

      Dear Richard,
      this is definitely suitable to run with the pi hole. There are several options. First is you install squid on the pi hole, or you set the DNS resolver for the SQUID to the IP of your pi hole.
