Ad blocking with Squid

[JoakimL]

I fiddled a little with Squid today and now ad blocking is working with LMCE. Follow these instructions: http://wiki.linuxmce.org/index.php/Squid_as_ad_blocker

/Joakim

[JoakimL]

And now with auto config using PAC broadcast via DHCP.

/Joakim

[tschak909]

I wonder if we could have this integrated into LinuxMCE. Do you have a patch?

-Thom

[JoakimL]

I'm not sure how to make a patch. I could make a script that does all the changes to the config files, if that's ok.

/Joakim

[tschak909]

If you make the changes within a source tree checked out by SVN, you can go to the top of the tree, and do an svn diff > mypatchfile.patch   

-Thom

[JoakimL]

OK, a try for my first diff. I couldn't use SVN (no source tree, I edited the files in the filesystem directly).
I did a diff for the four files and concatednated into one file. However, I'm not sure about the exact syntax for this; I've edited the old and new file names - can you check if this looks OK?

/Joakim

Code: [Select]

diff -Naur /etc/cron.daily/getadblock.sh /etc/cron.daily/getadblock.sh
--- /etc/cron.daily/getadblock.sh 1970-01-01 01:00:00.000000000 +0100
+++ /etc/cron.daily/getadblock.sh 2011-12-23 21:33:02.010158088 +0100

@@ -0,0 +1,59 @@
+#!/bin/sh
+
+### short script that downloads a list of ad servers for use with squid to block ads.
+###
+### details on configuring squid itself can be found here:
+###
+###    http://pgl.yoyo.org/adservers/#withsquid
+###
+### - originally by Stephen Patterson <steve@lexx.uklinux.net>
+### - butchered by Peter Lowe <pgl@yoyo.org>
+### - some LMCE additions by Joakim Lindbom
+
+## set things
+
+# URL of the ad server list to download
+listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0&mimetype=plaintext'
+
+# location of the list of ad servers used by Squid
+targetfile='/etc/squid/squid.adservers.regex'
+
+# location of a file where hostnames not listed can be added
+extrasfile='/etc/squid/squid-extra.adservers'
+
+# command to reload squid - change according to your system
+reloadcmd='restart squid'
+
+# temp file to use
+tmpfile="/tmp/.adlist.$$"
+
+# command to fetch the list (alternatives commented out)
+fetchcmd="wget -q $listurl -O $tmpfile"
+
+# log file
+logfile='/var/log/pluto/ad-blocker'
+
+## do things
+##
+echo "$(date -R) Getting new refuse list" >> "$logfile"
+
+# get a fresh list of ad server addresses for squid to refuse
+$fetchcmd
+
+# add the extras
+[ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile
+
+# check the temp file exists OK before overwriting the existing list
+if [ ! -s $tmpfile ]
+then
+ echo "$(date -R) temp file '$tmpfile' either doesn't exist or is empty; quitting" >> "$logfile"
+ exit
+fi
+
+cp  $tmpfile $targetfile
+
+# clean up
+rm $tmpfile
+
+# restart Squid
+$reloadcmd
diff -Naur /var/www/wpad.pac /var/www/wpad.pac
--- /var/www/wpad.pac 1970-01-01 01:00:00.000000000 +0100
+++ /varnew/wpad.pac 2011-12-23 21:31:36.212193650 +0100
@@ -0,0 +1,4 @@
+function FindProxyForURL(url, host)
+{
+  return "PROXY 192.168.80.1:3128 ; DIRECT";
+}
diff -Naur /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf
--- /etc/dhcp3/dhcpd.conf 2011-12-23 15:01:38.218633928 +0100
+++ /etc/dhcp3/dhcpd.conf 2011-12-23 21:20:10.680518469 +0100
@@ -25,16 +25,6 @@
 
 option routers 192.168.80.1;
 option subnet-mask 255.255.255.0;
+#JL start
+option wpad code 252 = text;
+option wpad "http://192.168.80.1/wpad.pac";
+
+class "MSFT" {
+        match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
+        option dhcp-parameter-request-list =
+                                concat(option dhcp-parameter-request-list, fc);
+}
+#JL end
diff -Naur /etc/squid/squid.conf /etc/squid/squid.conf
--- /etc/squid/squid.conf 2011-12-23 21:28:06.029187120 +0100
+++ /etc/squid/squid.conf 2011-12-23 21:28:16.196945327 +0100
@@ -601,14 +601,16 @@
 acl all src all
 acl manager proto cache_object
 acl localhost src 127.0.0.1/32
+acl dcerouterlocalnet src 192.168.80.0/24
 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
 #
 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
-acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
-acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
+#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
+#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src 192.168.80.0/24
 #
 acl SSL_ports port 443 # https
 acl SSL_ports port 563 # snews
@@ -670,11 +672,15 @@
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 
+acl ads dstdom_regex -i  "/etc/squid/squid.adservers.regex"
+http_access deny ads
+
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
-#http_access allow localnet
+http_access allow localnet
 http_access allow localhost
+http_access allow dcerouterlocalnet
 
 # And finally deny all other access to this proxy
 http_access deny all


[tschak909]

Can you please check out a copy of the source tree with svn:

svn co http://svn.linuxmce.org/svn/branches/LinuxMCE-1004/

and make the changes within that? This will provide something that we can cleanly apply to our source tree, and it will provide you access to our source code.

-Thom