» Zapping Ads with Squid and adzapper
Tired of seeing those stupid ads like "Your computer is broadcasting an IP address"? Tired of surfing http://newsforge.com/ and seeing all of those Microsoft ads? If you are interested in surfing the Internet advertisement free then this tip is for you.
Squid is a very powerful caching proxy server that is capable of doing much more than filtering ads but I will limit this tip to just the ad filtering. Some of the other uses are user authentication and access restriction to the Internet. In my house when you open any browser on any machine it pops up with an authentication box. If one of my kids enter their ID and password they are restricted to where they can go. My wife and I have unrestricted access. I have written a nice little interface to easily add or remove sites from several access lists. Uh, I forgot I was going to limit this to ad zapping only, sorry about that. :)
Cons: None that I can think of.
Ok, I'm convinced, now how do I set this up?
Let us begin:
Bear in mind these instructions are going to be somewhat Red Hat specific but should work on any distro with slight modifications to the instructions. First make sure you have the necessary RPM installed:
# rpm -q squid
Which should show you have the following RPM installed (you may have a different version but it shouldn't matter):
If you do not have this RPM installed either install it from your Red Hat CD or if you have installed "apt" according to this tip you can just install it by:
$ su -
(enter root's password)
# apt-get install squid
# chkconfig squid on
# service squid start
Now download the adzapper update script and make it executable and viewable only by root:
# cd /etc/squid
# wget http://voidmain.is-a-geek.net/files/scripts/update-zapper
# chown root:root update-zapper
# chmod 700 update-zapper
If you are running a later version of Red Hat the update-zapper script should be configured properly. If you are running some other distro, edit that script and modify the file location variables accordingly.
Now run the update-zapper which should automatically download the latest adzapper Perl script from sourceforge:
If the script ran properly you should now see an executable Perl script named squid_redirect
# ls squid_redirect
Now you want to edit the squid.conf file with your favorite text editor and search for the section containing the tag redirect_program. This is where we tell Squid to use the ad zapper script. As you can see by the screenshot I have added the line "redirect_program /etc/squid/squid_redirect" in that section (around line 891):
In addition, you will likely want to grant access to your entire local network so your other machines can use this new proxy server. Search for the line that reads:
acl localhost src 127.0.0.1/255.255.255.255
Add a line right below it for your local ip address range and name the acl "mynetwork" (my local network IP address range is 192.168.0.1 through 192.168.0.254 in the example below):
acl mynetwork src 192.168.0.0/255.255.255.0
Then search for the line:
http_access allow localhost
Add a line right below it (make sure it's before the line that reads http_access deny all) to grant your local ip address range access to this proxy server:
http_access allow mynetwork
Now save/exit the squid.conf and reload Squid:
# service squid reload
Well that's all there is to configuring Squid to block ads. You now have to configure the proxy settings in your browser or browsers to point to the server you installed Squid on, and use port 3128 (this is the default Squid proxy port, you can change it in the squid.conf if you like):
After configuring your browser's proxy settings you should be able to browse like normal but instead of getting those annoying advertisements you will see "This Ad Zapped".
Now you will want to add an entry to root's crontab to run the update-zapper script periodically to automatically keep your zapper updated. I have mine set to automatically update once a week although I don't believe script changes are made that often:
# crontab -e
And add this line:
0 2 * * 0 /etc/squid/update-zapper
Which will update the squid_redirect script (the brains of the ad blocking) every Sunday at 2:00am, only if the script on the web site is newer than yours.
If all goes well you are done. Well, you might want to configure Squid to do authentication and more detailed access control at a later time but this should get you going. I suggest you read over the adzapper web site, the Squid web site, and if you are new to Linux you might want to install the Webmin web based administration tool to graphically configure squid and modify your rules.
I may even clean up my personal access control web scripts and make them available on a future tip. I was using my web based authentication scripts in a corporate environment to set up groups of users and web sites and ip ranges and restrict access based on those groups. Users were added to groups and sites were added to block lists through my web interface. Authentication was performed based on NT domain IDs and passwords. I still use it at home and use a Linux based PDC for authentication.
If you have any trouble with these instructions, or feel they can be improved upon, or just want to make a comment, leave a note in the forums and I'll fix it up.
squidGuard (acl banned lists)
DansGuardian (True Content Filtering)
Forum topic on Squid + Content Filtering
This tip in Portuguese