Using Proxy Server as an Ad Blocker

Discussion room for Proxy Server package
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
eljones7
I'm New!
I'm New!
Posts: 1
Joined: Thu Dec 22, 2016 9:43 pm

Using Proxy Server as an Ad Blocker

Postby eljones7 » Thu Dec 22, 2016 11:27 pm

I have spent a month or so of spare time getting this to work and wanted to share my findings. I first tried using SquidGuard. It didn’t work with DSM 6.x. However, learned the process used by SquidGuard will work with Proxy Server (PS) after a few changes.

I use Putty and windows Telnet program, sudo the Linux command line utility to execute commands as root and nano a Linux command line text editor. Instructions for these utilities are easily found via Google. Or use you own favorite tools. Most of the command line instructions will need to have root authority to complete.

I use Synology DS1813+ with an Intel processor. Be sure to use versions of the utilities listed complied for your NAS.

I am not a command line programmer, but I can debug well enough to hammer this out. My thanks to the sample code found on 'http://pgl.yoyo.org/’ and the people that wrote it.
The usual statement… These instructions may cause loss of data or failure of your NAS. Use at your own risk!!!

Here are my steps:

Install Proxy Server from the Package Center on your Synology NAS.
--> a. Enable caching
--> b. Enable Logging (this was necessary for debugging and is not needed once everything is working).
--> c. Everything else is the default and I didn’t use Automatic Discovery.

Make sure the Proxy Server is working!!!
--> a. You will need to set your web browser or network connection to use manual proxy settings. I used the default port of 3128.
--> b. Check the PS logs to verify it’s working.

Make sure the Telnet Service is running in the Control Panel on your NAS.

Log into your NAS with Telnet.
--> a. I use Putty. Any one will do.

Navigate to ‘/var/packages/ProxyServer/target/squid/etc/’ and edit ‘squid.conf’ using your favorite Linux text editor. (I installed nano and the sudo command, both can be found with a quick Google.)
--> a. Almost at the top of the file you will find a few lines for ‘auth_param basic’. They are on lines 4 and 5 on my conf file. Create a new line after them and add ‘ acl ads dstdom_regex -i "/var/packages/ProxyServer/target/squid/etc/squid.adservers” ‘. Do not add the single quotes at the beginning and end of the line. But it should end in a double quote.
--> b. Now scroll down to the end of a group of ‘http_access’ statements. They should be around line 23-25 or so. At the end of the ‘http_access’ statements add a new line containing, ‘http_access deny ads’. Again, no quotes.

The first line you added will point to a blacklist file we will create next. The ‘acl’ statement means access control list and ‘ads’ is the name of the list.

The http_access portion allows us to set a rule for squid. In our case ‘deny ads’. So anything in our ‘squid.adservers’ file will be blocked.

Save the squid.conf file.

Now we will create the squid.adservers file. Make sure you are still in the ‘/var/packages/ProxyServer/target/squid/etc/’ directory. Type: ‘wget -q 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext' -O squid.adservers’. Again, no outside single quotes.
--> a. This command will download an ad blacklist from http://pgl.yoyo.org/ in the correct format for squid. This is a REGEX format, not a text listing of site urls. The file can be edited or viewed with a text editor, but may look different than expected. It has two advantages over a text list.
--> --> i. It uses wild cards to block an entire site.
--> --> ii. It’s much faster than using a text list.

Now execute '/var/packages/ProxyServer/target/bin/squid -k reconfigure'. This will force squid (Proxy Server) to reload it’s conf files and activate your list. Any messages you get when running it via Telnet are errors.

Test the ad blocking
--> a. Go to a familiar website. You should see blank spots where the ads would be.

Now let’s add an option to add our own sites to blacklist by creating a file for them. Don’t manually edit the squid.adservers as it will be overwritten anytime we update the list from http://pgl.yoyo.org/.
--> a. I put mine in a location that’s easier to get to than inside the PS install directory tree. I used my user home directory. I already have other command files there.
--> b. At the Telnet command line type: ‘cd ~’. This will take you to your home dir.
--> c. I created a directory called, ‘squidUpdate’. But you may put it where ever you like. But, remember the location for our next step.
--> d. I created a text file named: ‘squid-extra.adservers’ in the ‘squidUpdate’ folder.
--> e. Inside the folder is a single line (so far): ‘(^|\.)revcontent\.com$’. Again, no single quotes at the start and end of the line. This is the name of a site that puts crap site links at the bottom of Safari on my iPhone. Remember the syntax is REGEX and it will block any url that contains ‘revcontent.com’ in it.

Create a shell command file to download updates from http://pgl.yoyo.org/ and merge our personal blacklist file.

--> a. Using your text editor create a new file named: getAds.sh
--> b. Past the following code into the file and save it:

#!/bin/sh

### short script that downloads a list of ad servers for use with
### squid to block ads.
###
### details on configuring squid itself can be found here:
###
### http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
### - modified by Eric Jones <eljones7@cox.net>
### - for use with Synology ProxyServer
###

## set things
##

# URL of the ad server list to download
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'

# location of the list of ad servers used by Squid
targetfile='/var/packages/ProxyServer/target/squid/etc/squid.adservers'

# location of a file where hostnames not listed can be added
# UPDATE PATH and FILE FOR YOUR SYSTEM
# MUST BE IN REGEX FORMAT
# SEE squid.adservers FOR EXAMPLES
extrasfile='/volume3/homes/admin/squidUpdate/squid-extra.adservers'

# command to reload squid - change according to your system
reloadcmd='/var/packages/ProxyServer/target/bin/squid -k reconfigure'

# temp file to use
tmpfile="/tmp/.adlist.$$"

# command to fetch the list
fetchcmd="wget -q $listurl -O $tmpfile"


## do things
##

# get a fresh list of ad server addresses for squid to refuse
$fetchcmd

# add the extras
[ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile

# check the temp file exists OK before overwriting the existing list
if [ ! -s $tmpfile ]
then
echo "temp file '$tmpfile' either doesn't exist or is empty; quitting"
exit
fi

# sort and filter out duplicates
sort $tmpfile > $targetfile

# clean up
rm $tmpfile

# restart Squid
$reloadcmd

--> c. Be sure to update the ‘targetfile’ and ‘extrasfile’ to match your path and file names.
--> d. Get the time and date from the first blacklist we downloaded. Type: ‘ls -l /var/packages/ProxyServer/target/squid/etc/squid.adservers’. You should get a return that looks something like: ‘-rw-r--r-- 1 root root 59008 Dec 22 14:37 /var/packages/ProxyServer/target/squid/etc/squid.adservers’.
--> e. Notice the time and date (i.e. Dec 22 14:37)
--> f. Now execute the getAds.sh command by typing: ‘./getAds.sh’. Be sure the put the leading period before the slash if you are running it from the same directory you created it in. It may also require admin rights to run. Any text that is returned represents and error.
--> g. Assuming all went well, rerun: ‘ls -l /var/packages/ProxyServer/target/squid/etc/squid.adservers’ and compare the dates. They should be different because getAds.sh downloaded a newer version.

Finally, use the Task Scheduler in the Control Panel to create a task that will run the update shell script. Be sure to set User to root. I have mine run once a week. Don’t set it to run multiple times a day. The list doesn’t change that often and you’ll be a nuisance to the fine people at http://pgl.yoyo.org/ that provide the list.

Hope it works as well you for as it has for me.

Return to “Proxy Server”

Who is online

Users browsing this forum: No registered users and 1 guest