Squid as ad blocker
From LinuxMCE
This ad blocking is using [1] blocking lists.
Install Squid as laid out in How to setup secure outbound web access
Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS Add these two lines below:
acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex" http_access deny ads
Create a script file, e.g. nano /etc/cron.daily/getadblock.sh
#!/bin/sh ### short script that downloads a list of ad servers for use with squid to block ads. ### ### details on configuring squid itself can be found here: ### ### http://pgl.yoyo.org/adservers/#withsquid ### ### - originally by Stephen Patterson <steve@lexx.uklinux.net> ### - butchered by Peter Lowe <pgl@yoyo.org> ### - LMCE 10.04 adjustments by Joakim Lindbom ## set things # URL of the ad server list to download listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0&mimetype=plaintext' # location of the list of ad servers used by Squid targetfile='/etc/squid/squid.adservers.regex' # location of a file where hostnames not listed can be added extrasfile='/etc/squid/squid-extra.adservers' # command to reload squid - change according to your system reloadcmd='restart squid' # temp file to use tmpfile="/tmp/.adlist.$$" # command to fetch the list (alternatives commented out) fetchcmd="wget -q $listurl -O $tmpfile" # log file logfile='/var/log/pluto/ad-blocker' ## do things ## echo "$(date -R) Getting new refuse list" >> "$logfile" # get a fresh list of ad server addresses for squid to refuse $fetchcmd # add the extras [ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile # check the temp file exists OK before overwriting the existing list if [ ! -s $tmpfile ] then echo "$(date -R) temp file '$tmpfile' either doesn't exist or is empty; quitting" >> "$logfile" exit fi cp $tmpfile $targetfile # clean up rm $tmpfile # restart Squid $reloadcmd
Make it executable:
chmod 755 /etc/cron.daily/getadblock.sh
To add auto configure (i.e. no config needed in your browser to make this work): Add a PAC auto config file to the Apache directory:
nano /var/www/wpad.pac
function FindProxyForURL(url, host) { return "PROXY 192.168.80.1:3128 ; DIRECT"; }
Add PAC function to the DHCP daemon: sudo nano /etc/dhcp3/dhcpd.conf add these lines after "option subnet-mask 255.255.255.0;"
option wpad code 252 = text; option wpad "http://192.168.80.1/wpad.pac"; class "MSFT" { match if substring(option vendor-class-identifier, 0, 4) = "MSFT"; option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list, fc); }
Restart the DHCP daemon
sudo restart dhcp-server