Difference between revisions of "Squid as ad blocker"
From LinuxMCE
(Created page with "This ad blocking is using [http://pgl.yoyo.org/adservers/] blocking lists. Install Squid as laid out in How to setup secure outbound web access Find the following line: # I...") |
m |
||
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | This ad blocking is using [http://pgl.yoyo.org/adservers/] blocking lists. | + | This ad blocking is using [http://pgl.yoyo.org/adservers/ http://pgl.yoyo.org/adservers/] blocking lists. |
Install Squid as laid out in [[How to setup secure outbound web access]] | Install Squid as laid out in [[How to setup secure outbound web access]] | ||
− | Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | + | Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS using: |
+ | nano /etc/squid/squid.conf | ||
Add these two lines below: | Add these two lines below: | ||
acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex" | acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex" | ||
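Review bot: on the changed "Find the following line" line, the sentence now ends in "using:" with the nano command on the next line, so the step reads as if nano were what finds the marker. Put the editor step first (open /etc/squid/squid.conf with nano), then name the "# INSERT YOUR OWN RULE(S) HERE ..." line to look for, so the order of the text matches the order in which the reader does it.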
Line 36: | Line 37: | ||
# command to reload squid - change according to your system | # command to reload squid - change according to your system | ||
reloadcmd='restart squid' | reloadcmd='restart squid' | ||
− | + | ||
# temp file to use | # temp file to use | ||
tmpfile="/tmp/.adlist.$$" | tmpfile="/tmp/.adlist.$$" | ||
− | + | ||
# command to fetch the list (alternatives commented out) | # command to fetch the list (alternatives commented out) | ||
fetchcmd="wget -q $listurl -O $tmpfile" | fetchcmd="wget -q $listurl -O $tmpfile" | ||
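Review bot: the context line tmpfile="/tmp/.adlist.$$" next to this whitespace-only change builds a predictable file name in /tmp, and the script is installed under /etc/cron.daily, so it runs as root and wget -O writes to whatever already exists at that path. While this region is being touched, create the file with mktemp and quote "$tmpfile" wherever it is used.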
Line 45: | Line 46: | ||
# log file | # log file | ||
logfile='/var/log/pluto/ad-blocker' | logfile='/var/log/pluto/ad-blocker' | ||
− | + | ||
## do things | ## do things | ||
## | ## | ||
Line 52: | Line 53: | ||
# get a fresh list of ad server addresses for squid to refuse | # get a fresh list of ad server addresses for squid to refuse | ||
$fetchcmd | $fetchcmd | ||
− | + | ||
# add the extras | # add the extras | ||
[ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile | [ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile | ||
− | + | ||
# check the temp file exists OK before overwriting the existing list | # check the temp file exists OK before overwriting the existing list | ||
if [ ! -s $tmpfile ] | if [ ! -s $tmpfile ] | ||
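Review bot: the "add the extras" line runs before the "[ ! -s $tmpfile ]" check, and the result of $fetchcmd is never tested, so when the download fails but $extrasfile exists the temp file is non-empty, the check passes, and the existing list is overwritten with the extras alone. Move the -s check directly after $fetchcmd and append the extras only once the download has been accepted.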
Line 73: | Line 74: | ||
Make it executable: | Make it executable: | ||
chmod 755 /etc/cron.daily/getadblock.sh | chmod 755 /etc/cron.daily/getadblock.sh | ||
+ | |||
+ | To add auto configure (i.e. no config needed in your browser to make this work): | ||
+ | Add a PAC auto config file to the Apache directory: | ||
+ | |||
+ | nano /var/www/wpad.pac | ||
+ | function FindProxyForURL(url, host) | ||
+ | { | ||
+ | return "PROXY 192.168.80.1:3128 ; DIRECT"; | ||
+ | } | ||
+ | |||
+ | Add PAC function to the DHCP daemon: | ||
+ | |||
+ | sudo nano /etc/dhcp3/dhcpd.conf | ||
+ | add these lines after "option subnet-mask 255.255.255.0;" | ||
+ | |||
+ | option wpad code 252 = text; | ||
+ | option wpad "http://192.168.80.1/wpad.pac"; | ||
+ | |||
+ | class "MSFT" { | ||
+ | match if substring(option vendor-class-identifier, 0, 4) = "MSFT"; | ||
+ | option dhcp-parameter-request-list = | ||
+ | concat(option dhcp-parameter-request-list, fc); | ||
+ | } | ||
+ | |||
+ | Restart the DHCP daemon | ||
+ | |||
+ | sudo restart dhcp-server |
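Review bot: in the added wpad.pac, the return value "PROXY 192.168.80.1:3128 ; DIRECT" lets every client fall back to a direct connection whenever the proxy does not answer, which bypasses both the ad blocking and the outbound access control the Squid setup is meant to provide, and nothing in the text says this is intended. Either drop the DIRECT fallback or state in the page that failing open is a deliberate choice; the text should also mention that Apache has to serve the file with the application/x-ns-proxy-autoconfig MIME type.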
Latest revision as of 16:44, 23 December 2011
This ad blocking uses the http://pgl.yoyo.org/adservers/ blocking lists.
Install Squid as laid out in How to setup secure outbound web access.
Open the Squid configuration file:
nano /etc/squid/squid.conf
Find the following line:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
Add these two lines below it:
acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex"
http_access deny ads
Create a script file, e.g.:
nano /etc/cron.daily/getadblock.sh
with the following content:

#!/bin/sh
### short script that downloads a list of ad servers for use with squid to block ads.
###
### details on configuring squid itself can be found here:
###
###   http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
### - LMCE 10.04 adjustments by Joakim Lindbom

## set things

# URL of the ad server list to download
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0&mimetype=plaintext'

# location of the list of ad servers used by Squid
targetfile='/etc/squid/squid.adservers.regex'

# location of a file where hostnames not listed can be added
extrasfile='/etc/squid/squid-extra.adservers'

# command to reload squid - change according to your system
reloadcmd='restart squid'

# temp file to use (mktemp picks an unpredictable name; this script runs as root)
tmpfile="$(mktemp /tmp/.adlist.XXXXXX)" || exit 1

# command to fetch the list (alternatives commented out)
fetchcmd="wget -q $listurl -O $tmpfile"

# log file
logfile='/var/log/pluto/ad-blocker'

## do things
##
echo "$(date -R) Getting new refuse list" >> "$logfile"

# get a fresh list of ad server addresses for squid to refuse
$fetchcmd

# check the downloaded file is OK before overwriting the existing list
# (done before adding the extras, so they cannot hide a failed download)
if [ ! -s "$tmpfile" ]
then
    echo "$(date -R) temp file '$tmpfile' either doesn't exist or is empty; quitting" >> "$logfile"
    rm -f "$tmpfile"
    exit 1
fi

# add the extras
[ -f "$extrasfile" ] && cat "$extrasfile" >> "$tmpfile"

# install the new list; keep it readable, since mktemp creates the file with mode 600
cp "$tmpfile" "$targetfile"
chmod 644 "$targetfile"

# clean up
rm "$tmpfile"

# restart Squid
$reloadcmd
Make it executable:
chmod 755 /etc/cron.daily/getadblock.sh
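The update script copies whatever the download returns straight into a Squid ACL file, so a sanity check between the fetch and the cp is worth having. The following is an added example, not part of the original script or of the pgl.yoyo.org project; the entry format `(^|\.)example\.com$`, the helper name check_adlist and the minimum-entry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original script): validate a downloaded
# dstdom_regex list before it replaces /etc/squid/squid.adservers.regex.
# Assumption: entries look like (^|\.)example\.com$ ; adjust ENTRY_RE otherwise.

# One anchored, dot-escaped hostname per line and nothing else.
ENTRY_RE='^[(]\^[|]\\[.][)][A-Za-z0-9_-]+(\\[.][A-Za-z0-9_-]+)+[$]$'

# check_adlist FILE [MIN_ENTRIES]   (hypothetical helper name)
# Returns 0 only if every non-blank, non-comment line is a well-formed entry
# and the file holds at least MIN_ENTRIES of them; offending lines go to stderr.
check_adlist() {
    file=$1
    min=${2:-100}
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    # lines that are neither blank, nor comments, nor well-formed entries
    rejected=$(LC_ALL=C grep -Ev -e '^[[:space:]]*(#.*)?$' -e "$ENTRY_RE" "$file") || true
    if [ -n "$rejected" ]; then
        printf 'rejected lines:\n%s\n' "$rejected" >&2
        return 1
    fi
    # a truncated download can be well-formed but far too short
    count=$(LC_ALL=C grep -Ec -e "$ENTRY_RE" "$file") || true
    if [ "$count" -lt "$min" ]; then
        echo "only $count entries, expected at least $min" >&2
        return 1
    fi
    return 0
}

# Constructed sample lists for a quick offline run.
demo() {
    good_list=$(mktemp) && bad_list=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' '(^|\.)ads\.example\.com$' \
        '(^|\.)tracker\.example\.net$' > "$good_list"
    # a catch-all pattern and an HTML error line, as a broken fetch might return
    printf '%s\n' '(^|\.)ads\.example\.com$' '.*' '<html>503</html>' > "$bad_list"
    check_adlist "$good_list" 2 && echo "good list accepted"
    check_adlist "$bad_list" 1 2>/dev/null || echo "bad list rejected"
    rm -f "$good_list" "$bad_list"
}
demo
```

In the update script the call would sit after the download and extras are in the temp file, for example `check_adlist "$tmpfile" || exit 1` before the cp.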
To add proxy auto-configuration (i.e. no configuration needed in your browser to make this work), add a PAC auto-config file to the Apache directory:
nano /var/www/wpad.pac
function FindProxyForURL(url, host)
{
    return "PROXY 192.168.80.1:3128 ; DIRECT";
}
Add the PAC option to the DHCP daemon configuration:
sudo nano /etc/dhcp3/dhcpd.conf
Add these lines after "option subnet-mask 255.255.255.0;":
option wpad code 252 = text;
option wpad "http://192.168.80.1/wpad.pac";

class "MSFT" {
    match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
    option dhcp-parameter-request-list =
        concat(option dhcp-parameter-request-list, fc);
}
Restart the DHCP daemon:
sudo restart dhcp-server