DĂ©c 272013

For a while, I was (very) upset with ads on my tablets (android and ipad).
And unlike browsers on my windows (firefox or chrome) I could not find something like adblock for ipad.

Therefore I decided to setup a squid on my synology ds210j and to setup an adblock like in squid.
And success, no more nasty popups, quicker web sites, etc 🙂

the steps:

-install ipkg (see here for an how to, in french sorry).
-install squid : ipkg install squid
-customize squid.conf
-use a list of domain you wish to block (i used a list from this site)

my list of blocked domains : denied_domains

my squid.conf

negative_dns_ttl 10 second
connect_timeout 60 second
read_timeout 60 second
request_timeout 60 second
cache_dir ufs /opt/var/squid/cache 512 16 256
cache_access_log /opt/var/squid/logs/access.log
cache_log /opt/var/squid/logs/debug
cache_store_log /opt/var/squid/logs/storage
acl all src all
acl manager proto cache_object
acl localhost src
acl to_localhost dst

acl localnet src

#on which ports do we allow connections using the proxy
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl purge method PURGE
#acl url_ads url_regex "/opt/etc/squid/denied_ads.txt"
acl denied_domains dstdomain "/opt/etc/squid/denied_domains.txt"

#http_access deny url_ads
http_access deny denied_domains
http_access allow localnet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
miss_access allow all

http_port 8080

via off
forwarded_for off
header_access From deny all
header_access Server deny all
header_access WWW-Authenticate deny all
header_access Link deny all
header_access Cache-Control deny all
header_access Proxy-Connection deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Pragma deny all
header_access Keep-Alive deny all

note : you can use the dns_nameservers directive in squid.conf to use specific dns servers (i use opendns).
note : you can set a vpn client on your synology and your proxy will then use a different network (i use vyrvpn from giganews)
note : you can tweak your dhcp server to set the proxy for your clients automatically (see here)

 Posted by at 23 h 10 min

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.