Reuse a Pi – Proxy server

The Raspberry Pi was (and still is) an incredible computer. It was the size of a small deck of cards, ran Linux, could manipulate other devices via the GPIO pins, cost only 35 dollars and is just as capable as a normal personal computer.

If one was good then two must be better and so some how I ended up buying a few of them.  I did create my own little weather station and to fool around with other Arduino peripherals.  It was a lot of fun but somehow they got set aside in a shoe box.

It seems to be a shame to not use these so I am trying to find a use for these devices.  The first use was to create a Airprint server so my wife could print from her Ipad.

What is a proxy server

A proxy server is simply a server that is acting as a gateway between two networks. Typically the second network is the internet.  There are a number of different types of proxy server’s that can be installed.

Cache server The server saves the internet content locally.  This makes subsequent calls by either the same or different clients faster as the information is cached locally.

The server is defined to listen to a specific port and the client must be specifically configured to use that proxy server.

Transparent server A transparent server performs the same function as a cache server but with a single distinction.

The client does not have to be specifically configured nor know that a proxy server exists.

Reverse server A reverse proxy performs a similar function of caching results but instead of running on the client’s network for the benefit of the client’s company it runs for the benefit of the web server.  Its goal is to reduce the load from the web server.

Installing a proxy server

In the open source world there is seldom a single option for any given software solution. This is true from web servers to office suites.  There is undoubtedly a number of proxy servers as well but the one that kept coming up in my searches was Squid.

Installing squid on the Raspberry Pi is just as matter of the following apt-get command.

apt-get install squid3

This is a small and self contained program.  The program squid3 is installed into /etc/squid3 along with the squid.conf configuration file.

The default configuration for squid won’t let anything through, you will need to make a few tiny changes.  Below are a few extracts from the configuration.

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 192.168.178.0/24

In this excerpt I needed to add line 9 for my network.

 

The change above is used in conjunction with a second change to the configuration file, line 8 below to use this “localnet”.

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost 

This is actually the only configuration that is necessary in order to use the proxy server.

 

However it is possible to add a few additional lines to try and filter out advertisements a bit.  Just add them at the spot highlighted in the configuration file. This small insert allows me to define places on the internet in a text file or text files of locations that I don’t want to be accessible.

## disable ads 
acl ads dstdom_regex "/etc/squid3/ad_block.txt"
http_access deny ads
deny_info TCP_RESET ads

acl urlads url_regex "/etc/squid3/adurl_block.txt"
http_access deny urlads
#deny_info TCP_RESET urlads

For my proxy server I have setup two text files. The first one is for sites that I want filtered out.  The second text file could contain url’s for sites that deliver advertisements. This makes it easy to either reduce the advertisements for the sites you want to visit while preventing unsavory sites from getting through.

 

Blocking the URL’s is as simple as you think.  Simply enter the name of the website that you would normally enter into your browser.

adurl_block.txt
www.nakedgirls.com
www.myspace.com

The same is true for blocking the ads as well.  It is harder to give a clear list of which domains are serving advertisements.  It is probably best to find a blacklist of those domains.

There are other sites that are dedicated to keeping up-to-date lists for these advertisement domains. I don’t feel that I am adding any additional value by providing that here.  If you want such a list then you should go and find one of those sites.

https://www.calomel.org/squid_adservers.html

This site also has additional information on how to setup squid.  If you want to learn more visit calomel.org.

Setting up the client

The squid proxy server will look at port 3128 by default.

# Squid normally listens to port 3128
http_port 3128

So when setting up the browser to use the new proxy server point it to the raspberry pi and to this port.

Other notes

When updating the different ad blocking text files you could get these values reloaded by restarting squid or by running the reconfigure option which will re-process the configuration file.

squid3 -k reconfigure

 

This entry was posted in Setup From Scratch. Bookmark the permalink.