/* Void Main's Red Hat/Fedora Tips */

{ Red Hat/Fedora Tips(); } else { main(); }
Zapping Ads with Squid and adzapper
#include <stddisclaimer.h>

Tired of seeing those stupid ads like "Your computer is broadcasting an IP address"? Tired of surfing http://newsforge.com/ and seeing all of those Microsoft ads? If you are interested in surfing the Internet advertisement free then this tip is for you.

Pros: Filter out advertisements and JavaScript popups. Not just for your local browser but for any browser on any machine on your network.

Squid is a very powerful caching proxy server that is capable of doing much more than filtering ads but I will limit this tip to just the ad filtering. Some of the other uses are user authentication and access restriction to the Internet. In my house when you open any browser on any machine it pops up with an authentication box. If one of my kids enter their ID and password they are restricted to where they can go. My wife and I have unrestricted access. I have written a nice little interface to easily add or remove sites from several access lists. Uh, I forgot I was going to limit this to ad zapping only, sorry about that. :)

Cons: None that I can think of.

Ok, I'm convinced, now how do I set this up?

Let us begin:

Bear in mind these instructions are going to be somewhat Red Hat specific but should work on any distro with slight modifications to the instructions. First make sure you have the necessary RPM installed:

# rpm  -q  squid

Which should show you have the following RPM installed (you may have a different version but it shouldn't matter):

squid-2.4.STABLE7-4

If you do not have this RPM installed either install it from your Red Hat CD or if you have installed "apt" according to this tip you can just install it by:

$ su  -
(enter root's password)
# apt-get  install  squid
# chkconfig  squid  on
# service  squid  start

Now download the adzapper update script and make it executable and viewable only by root:

# cd  /etc/squid
# wget  http://voidmain.is-a-geek.net/files/scripts/update-zapper
# chown  root:root  update-zapper
# chmod  700  update-zapper


If you are running a later version of Red Hat the update-zapper script should be configured properly. If you are running some other distro, edit that script and modify the file location variables accordingly.

Now run the update-zapper which should automatically download the latest adzapper Perl script from sourceforge:

# ./update-zapper

If the script ran properly you should now see an executable Perl script named squid_redirect

# ls  squid_redirect

Now you want to edit the squid.conf file with your favorite text editor and search for the section containing the tag redirect_program. This is where we tell Squid to use the ad zapper script. As you can see by the screenshot I have added the line "redirect_program /etc/squid/squid_redirect" in that section (around line 891):

redirect_program /etc/squid/squid_redirect

In addition, you will likely want to grant access to your entire local network so your other machines can use this new proxy server. Search for the line that reads:

acl  localhost  src  127.0.0.1/255.255.255.255

Add a line right below it for your local ip address range and name the acl "mynetwork" (my local network IP address range is 192.168.0.1 through 192.168.0.254 in the example below):

acl  mynetwork  src  192.168.0.0/255.255.255.0

acl mynetwork src 192.168.0.0/255.255.255.0

Then search for the line:

http_access  allow  localhost

Add a line right below it (make sure it's before the line that reads http_access deny all) to grant your local ip address range access to this proxy server:

http_access  allow  mynetwork

http_access allow mynetwork

Now save/exit the squid.conf and reload Squid:

# service  squid   reload

Well that's all there is to configuring Squid to block ads. You now have to configure the proxy settings in your browser or browsers to point to the server you installed Squid on, and use port 3128 (this is the default Squid proxy port, you can change it in the squid.conf if you like):

Proxy Settings in Mozilla

After configuring your browser's proxy settings you should be able to browse like normal but instead of getting those annoying advertisements you will see "This Ad Zapped".

Now you will want to add an entry to root's crontab to run the update-zapper script periodically to automatically keep your zapper updated. I have mine set to automatically update once a week although I don't believe script changes are made that often:

# crontab  -e

And add this line:

0  2  *  *  0   /etc/squid/update-zapper

Which will update the squid_redirect script (the brains of the ad blocking) every Sunday at 2:00am, only if the script on the web site is newer than yours.

If all goes well you are done. Well, you might want to configure Squid to do authentication and more detailed access control at a later time but this should get you going. I suggest you read over the adzapper web site, the Squid web site, and if you are new to Linux you might want to install the Webmin web based administration tool to graphically configure squid and modify your rules.

I may even clean up my personal access control web scripts and make them available on a future tip. I was using my web based authentication scripts in a corporate environment to set up groups of users and web sites and ip ranges and restrict access based on those groups. Users were added to groups and sites were added to block lists through my web interface. Authentication was performed based on NT domain IDs and passwords. I still use it at home and use a Linux based PDC for authentication.

If you have any trouble with these instructions, or feel they can be improved upon, or just want to make a comment, leave a note in the forums and I'll fix it up.

References:
adzapper
Squid
squidGuard (acl banned lists)
DansGuardian (True Content Filtering)
webmin
Forum topic on Squid + Content Filtering
This tip in Portuguese

Have fun!

Forums

Valid HTML 4.01!