Squid as ad blocker

From LinuxMCE
Revision as of 15:35, 23 December 2011 by JoakimL (Talk | contribs)


This ad-blocking setup uses the [1] blocking lists.

Install Squid as laid out in How to setup secure outbound web access

Find the following line:

   # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

Add these two lines below it:

   acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex"
   http_access deny ads

Create a script file, e.g. nano /etc/cron.daily/getadblock.sh

#!/bin/sh

### short script that downloads a list of ad servers for use with squid to block ads.
###
### details on configuring squid itself can be found here:
###
###    http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
### - LMCE 10.04 adjustments by Joakim Lindbom

## set things

# URL of the ad server list to download
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0&mimetype=plaintext' 

# location of the list of ad servers used by Squid
targetfile='/etc/squid/squid.adservers.regex'

# location of a file where hostnames not listed can be added
extrasfile='/etc/squid/squid-extra.adservers' 

# command to reload squid - change according to your system
reloadcmd='restart squid' 

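# temp file to use (created with mktemp so the name cannot be predicted,
# since this script runs as root and writes into /tmp)
tmpfile="$(mktemp /tmp/.adlist.XXXXXX)"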

# command to fetch the list (alternatives commented out)
fetchcmd="wget -q $listurl -O $tmpfile"

# log file
logfile='/var/log/pluto/ad-blocker'

## do things
##
echo "$(date -R) Getting new refuse list" >> "$logfile"

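# get a fresh list of ad server addresses for squid to refuse;
# quit if the download fails so the existing list is left untouched
if ! $fetchcmd
then
       echo "$(date -R) download of ad server list failed; quitting" >> "$logfile"
       rm -f "$tmpfile"
       exit 1
fi

# add the extras
[ -f "$extrasfile" ] && cat "$extrasfile" >> "$tmpfile"

# check the temp file exists OK before overwriting the existing list
if [ ! -s "$tmpfile" ]
then
       echo "$(date -R) temp file '$tmpfile' either doesn't exist or is empty; quitting" >> "$logfile"
       rm -f "$tmpfile"
       exit 1
fi

cp "$tmpfile" "$targetfile"

# clean up
rm "$tmpfile"

# restart Squid
$reloadcmd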

Make it executable:

chmod 755 /etc/cron.daily/getadblock.sh
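
The downloaded list is fetched over plain HTTP and ends up in a deny ACL that Squid loads, so it is worth checking what arrived before copying it into place. The following is an added example, not part of the original script: a hypothetical validate_adlist function that accepts only lines of the form (^|\.)host\.name$ (assumed to be what the squid-dstdom-regex host format produces) and requires a minimum number of entries; the sample lists are constructed.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded ad server list before it replaces
# /etc/squid/squid.adservers.regex.
# Assumption: every entry looks like (^|\.)host\.name$ ; adjust the pattern
# if the feed you use differs.

# validate_adlist FILE [MIN_ENTRIES]
# Returns 0 only if FILE is non-empty, every line is blank, a comment or a
# well-formed entry, and there are at least MIN_ENTRIES entries (default 1).
validate_adlist() {
    va_file=$1
    va_min=${2:-1}
    # literal "(^|\.)", then labels joined by "\.", then a literal "$"
    va_entry='^[(]\^[|]\\[.][)][A-Za-z0-9_-]+(\\[.][A-Za-z0-9_-]+)+[$]$'
    va_skip='^[[:space:]]*(#.*)?$'

    [ -s "$va_file" ] || { echo "missing or empty: $va_file" >&2; return 1; }

    # first line that is neither blank/comment nor a well-formed entry,
    # e.g. an HTML error page, a truncated line or a catch-all like ".*"
    va_bad=$(grep -v -E -e "$va_skip" -e "$va_entry" "$va_file" | head -n 1)
    if [ -n "$va_bad" ]; then
        echo "unexpected line: $va_bad" >&2
        return 1
    fi

    # a list that is suspiciously short is treated as a failed download
    va_count=$(grep -c -E -e "$va_entry" "$va_file" || true)
    if [ "$va_count" -lt "$va_min" ]; then
        echo "only $va_count entries, expected at least $va_min" >&2
        return 1
    fi
    return 0
}

# Demo on constructed sample data: one clean list, one containing a pattern
# that would make Squid deny every destination.
good_list=$(mktemp)
bad_list=$(mktemp)
printf '%s\n' '(^|\.)ads\.example\.com$' '(^|\.)tracker\.example\.net$' > "$good_list"
printf '%s\n' '(^|\.)ads\.example\.com$' '.*' > "$bad_list"
validate_adlist "$good_list" 2 && echo "clean list accepted"
validate_adlist "$bad_list" 2 || echo "tampered list rejected"
rm -f "$good_list" "$bad_list"
```

In getadblock.sh the function would be called on $tmpfile right after the download and before the extras file is appended, since hand-written extras may use other patterns.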

To add auto-configuration (i.e. no configuration needed in your browser to make this work), add a PAC auto-config file to the Apache directory:

nano /var/www/wpad.pac

function FindProxyForURL(url, host)
{
  return "PROXY 192.168.80.1:3128; DIRECT";
}

Add the PAC option to the DHCP daemon:

sudo nano /etc/dhcp3/dhcpd.conf

Add these lines after "option subnet-mask 255.255.255.0;":

option wpad code 252 = text;
option wpad "http://192.168.80.1/wpad.pac";

class "MSFT" {
        match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
        option dhcp-parameter-request-list =
                                concat(option dhcp-parameter-request-list, fc);
}

Restart the DHCP daemon:

sudo restart dhcp-server