The Raspberry Pi was (and still is) an incredible computer. It was the size of a small deck of cards, ran Linux, could manipulate other devices via the GPIO pins, cost only 35 dollars and is just as capable as a normal personal computer.
If one was good then two must be better and so some how I ended up buying a few of them. I did create my own little weather station and to fool around with other Arduino peripherals. It was a lot of fun but somehow they got set aside in a shoe box.
It seems to be a shame to not use these so I am trying to find a use for these devices. The first use was to create a Airprint server so my wife could print from her Ipad.
What is a proxy server
A proxy server is simply a server that is acting as a gateway between two networks. Typically the second network is the internet. There are a number of different types of proxy server’s that can be installed.
| Cache server | The server saves the internet content locally. This makes subsequent calls by either the same or different clients faster as the information is cached locally.
The server is defined to listen to a specific port and the client must be specifically configured to use that proxy server. |
| Transparent server | A transparent server performs the same function as a cache server but with a single distinction.
The client does not have to be specifically configured nor know that a proxy server exists. |
| Reverse server | A reverse proxy performs a similar function of caching results but instead of running on the client’s network for the benefit of the client’s company it runs for the benefit of the web server. Its goal is to reduce the load from the web server. |
Installing a proxy server
In the open source world there is seldom a single option for any given software solution. This is true from web servers to office suites. There is undoubtedly a number of proxy servers as well but the one that kept coming up in my searches was Squid.
Installing squid on the Raspberry Pi is just as matter of the following apt-get command.
apt-get install squid3
This is a small and self contained program. The program squid3 is installed into /etc/squid3 along with the squid.conf configuration file.
The default configuration for squid won’t let anything through, you will need to make a few tiny changes. Below are a few extracts from the configuration.
# Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network #acl localnet src fc00::/7 # RFC 4193 local private network range #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src 192.168.178.0/24
In this excerpt I needed to add line 9 for my network.
The change above is used in conjunction with a second change to the configuration file, line 8 below to use this “localnet”.
# # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost
This is actually the only configuration that is necessary in order to use the proxy server.
However it is possible to add a few additional lines to try and filter out advertisements a bit. Just add them at the spot highlighted in the configuration file. This small insert allows me to define places on the internet in a text file or text files of locations that I don’t want to be accessible.
## disable ads acl ads dstdom_regex "/etc/squid3/ad_block.txt" http_access deny ads deny_info TCP_RESET ads acl urlads url_regex "/etc/squid3/adurl_block.txt" http_access deny urlads #deny_info TCP_RESET urlads
For my proxy server I have setup two text files. The first one is for sites that I want filtered out. The second text file could contain url’s for sites that deliver advertisements. This makes it easy to either reduce the advertisements for the sites you want to visit while preventing unsavory sites from getting through.
Blocking the URL’s is as simple as you think. Simply enter the name of the website that you would normally enter into your browser.
adurl_block.txt www.nakedgirls.com www.myspace.com
The same is true for blocking the ads as well. It is harder to give a clear list of which domains are serving advertisements. It is probably best to find a blacklist of those domains.
There are other sites that are dedicated to keeping up-to-date lists for these advertisement domains. I don’t feel that I am adding any additional value by providing that here. If you want such a list then you should go and find one of those sites.
This site also has additional information on how to setup squid. If you want to learn more visit calomel.org.
Setting up the client
The squid proxy server will look at port 3128 by default.
# Squid normally listens to port 3128 http_port 3128
So when setting up the browser to use the new proxy server point it to the raspberry pi and to this port.
Other notes
When updating the different ad blocking text files you could get these values reloaded by restarting squid or by running the reconfigure option which will re-process the configuration file.
squid3 -k reconfigure
