Difference between revisions of "Squid as ad blocker"

From LinuxMCE
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
This ad blocking is using [http://pgl.yoyo.org/adservers/] blocking lists.
+
This ad blocking is using [http://pgl.yoyo.org/adservers/ http://pgl.yoyo.org/adservers/] blocking lists.
  
 
Install Squid as laid out in [[How to setup secure outbound web access]]
 
Install Squid as laid out in [[How to setup secure outbound web access]]
  
Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+
Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS using:
 +
nano /etc/squid/squid.conf
 
Add these two lines below:
 
Add these two lines below:
 
     acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex"
 
     acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex"
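Review bot: the added "using:" at the end of the "Find the following line" sentence makes the nano command read as the way to find the line rather than the way to open the file. Put the editor step first, for example "Open /etc/squid/squid.conf and find the line # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS", and show nano /etc/squid/squid.conf before the sentence that tells the reader what to add.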
Line 74: Line 75:
 
  chmod 755 /etc/cron.daily/getadblock.sh
 
  chmod 755 /etc/cron.daily/getadblock.sh
  
Configure your browser to use a proxy on 192.168.80.1, port 3128 and try to access some sites. Use tail on /var/log/squid/access.log to ensure squid was used. If all is ok, proceed to the next line.
+
To add auto configure (i.e. no config needed in your browser to make this work):
 +
Add a PAC auto config file to the Apache directory:
 +
 
 +
nano /var/www/wpad.pac
 +
function FindProxyForURL(url, host)
 +
{
 +
  return "PROXY 192.168.80.1:3128 ; DIRECT";
 +
}
 +
 
 +
Add PAC function to the DHCP daemon:
 +
 
 +
sudo nano /etc/dhcp3/dhcpd.conf
 +
add these lines after "option subnet-mask 255.255.255.0;"
 +
 
 +
option wpad code 252 = text;
 +
option wpad "http://192.168.80.1/wpad.pac";
 +
 +
class "MSFT" {
 +
        match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
 +
        option dhcp-parameter-request-list =
 +
                                concat(option dhcp-parameter-request-list, fc);
 +
}
 +
 
 +
Restart the DHCP daemon
 +
 +
sudo restart dhcp-server
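Review bot: the removed sentence ("Configure your browser to use a proxy on 192.168.80.1, port 3128 ... Use tail on /var/log/squid/access.log to ensure squid was used") was the only verification step, and the WPAD instructions that replace it have none. Keep a check after the DHCP restart that client requests actually appear in /var/log/squid/access.log. In the new wpad.pac, the "; DIRECT" fallback in the return string lets a client go straight out whenever 192.168.80.1:3128 is unreachable, so the ad filter is bypassed without any sign to the user; state that in the text, or drop DIRECT if the bypass is not wanted. The wpad option also points clients at a plain http:// URL, so it is worth noting that the PAC file should only be served on the internal network.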

Latest revision as of 15:44, 23 December 2011

This ad-blocking setup uses the blocking lists from http://pgl.yoyo.org/adservers/.

Install Squid as laid out in How to setup secure outbound web access.

Open the Squid configuration and find the line # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS:

nano /etc/squid/squid.conf

Add these two lines below it:

   acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex"
   http_access deny ads

Create a script file, e.g. nano /etc/cron.daily/getadblock.sh:

#!/bin/sh

### short script that downloads a list of ad servers for use with squid to block ads.
###
### details on configuring squid itself can be found here:
###
###    http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
### - LMCE 10.04 adjustments by Joakim Lindbom

## set things

# URL of the ad server list to download
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0&mimetype=plaintext' 

# location of the list of ad servers used by Squid
targetfile='/etc/squid/squid.adservers.regex'

# location of a file where hostnames not listed can be added
extrasfile='/etc/squid/squid-extra.adservers' 

# command to reload squid - change according to your system
reloadcmd='restart squid' 

# temp file to use (created by mktemp so the name in /tmp is not predictable)
tmpfile="$(mktemp /tmp/adlist.XXXXXX)"

# command to fetch the list (alternatives commented out)
fetchcmd="wget -q $listurl -O $tmpfile"

# log file
logfile='/var/log/pluto/ad-blocker'

## do things
##
echo "$(date -R) Getting new refuse list" >> "$logfile"

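# get a fresh list of ad server addresses for squid to refuse;
# keep the existing list if the download fails
if ! $fetchcmd
then
       echo "$(date -R) download of ad server list failed; quitting" >> "$logfile"
       rm -f "$tmpfile"
       exit 1
fi

# add the extras
[ -f "$extrasfile" ] && cat "$extrasfile" >> "$tmpfile"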

# check the temp file exists OK before overwriting the existing list
if [ ! -s "$tmpfile" ]
then
       echo "$(date -R) temp file '$tmpfile' either doesn't exist or is empty; quitting" >> "$logfile"
       rm -f "$tmpfile"
       exit 1
fi

cp "$tmpfile" "$targetfile"

# clean up
rm -f "$tmpfile"

# restart Squid
$reloadcmd

Make it executable:

chmod 755 /etc/cron.daily/getadblock.sh
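The script installs whatever the plain-HTTP download returned into a file that Squid loads as regular expressions, so a check on the temp file before the cp is worthwhile. The following is an added example, not part of the original script; the function name validate_adlist and the assumed entry format (^|\.)host\.tld$ are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original getadblock.sh.
# Assumption: each entry looks like (^|\.)ads\.example\.com$ ; blank lines
# and '#' comments are tolerated, anything else rejects the whole file.
entry_re='^[(]\^[|]\\[.][)][A-Za-z0-9_-]+(\\[.][A-Za-z0-9_-]+)*[$]$'
skip_re='^[[:space:]]*(#.*)?$'

# validate_adlist FILE [MIN_ENTRIES] -> 0 if FILE is safe to install
validate_adlist() {
    file=$1
    min=${2:-1}
    [ -s "$file" ] || { echo "adlist: $file missing or empty" >&2; return 1; }
    # grep -c exits 1 on a zero count, hence the '|| true'
    good=$(grep -Ec "$entry_re" "$file" || true)
    bad=$(grep -Ev "$skip_re" "$file" | grep -Evc "$entry_re" || true)
    if [ "$bad" -ne 0 ]; then
        echo "adlist: $bad unexpected line(s) in $file" >&2
        return 1
    fi
    if [ "$good" -lt "$min" ]; then
        echo "adlist: only $good entries in $file, need $min" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: a well-formed list, and a list with one
# catch-all pattern that would make Squid deny every request.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' '(^|\.)ads\.example\.com$' \
    '(^|\.)tracker\.example\.net$' > "$demo_dir/good"
printf '%s\n' '(^|\.)ads\.example\.com$' '.*' > "$demo_dir/catchall"

for f in good catchall; do
    if validate_adlist "$demo_dir/$f" 2; then
        echo "$f: accepted"
    else
        echo "$f: rejected"
    fi
done
rm -rf "$demo_dir"
```

In the cron script the call would go between the extras step and the cp, with a minimum entry count chosen well below the normal list size.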

To add auto-configuration (i.e. no config needed in your browser to make this work), add a PAC auto-config file to the Apache directory:

nano /var/www/wpad.pac

function FindProxyForURL(url, host)
{
  return "PROXY 192.168.80.1:3128 ; DIRECT";
}

Add the PAC option to the DHCP daemon configuration:

sudo nano /etc/dhcp3/dhcpd.conf

Add these lines after "option subnet-mask 255.255.255.0;":

option wpad code 252 = text;
option wpad "http://192.168.80.1/wpad.pac";

class "MSFT" {
        match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
        option dhcp-parameter-request-list =
                                concat(option dhcp-parameter-request-list, fc);
}

Restart the DHCP daemon:

sudo restart dhcp-server