Using Proxy Server as an Ad Blocker

Discussion room for Proxy Server package
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/support_form.php?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
eljones7
I'm New!
I'm New!
Posts: 1
Joined: Thu Dec 22, 2016 9:43 pm

Using Proxy Server as an Ad Blocker

Postby eljones7 » Thu Dec 22, 2016 11:27 pm

I have spent a month or so of spare time getting this to work and wanted to share my findings. I first tried using SquidGuard. It didn’t work with DSM 6.x. However, learned the process used by SquidGuard will work with Proxy Server (PS) after a few changes.

I use Putty and windows Telnet program, sudo the Linux command line utility to execute commands as root and nano a Linux command line text editor. Instructions for these utilities are easily found via Google. Or use you own favorite tools. Most of the command line instructions will need to have root authority to complete.

I use Synology DS1813+ with an Intel processor. Be sure to use versions of the utilities listed complied for your NAS.

I am not a command line programmer, but I can debug well enough to hammer this out. My thanks to the sample code found on 'http://pgl.yoyo.org/’ and the people that wrote it.
The usual statement… These instructions may cause loss of data or failure of your NAS. Use at your own risk!!!

Here are my steps:

Install Proxy Server from the Package Center on your Synology NAS.
--> a. Enable caching
--> b. Enable Logging (this was necessary for debugging and is not needed once everything is working).
--> c. Everything else is the default and I didn’t use Automatic Discovery.

Make sure the Proxy Server is working!!!
--> a. You will need to set your web browser or network connection to use manual proxy settings. I used the default port of 3128.
--> b. Check the PS logs to verify it’s working.

Make sure the Telnet Service is running in the Control Panel on your NAS.

Log into your NAS with Telnet.
--> a. I use Putty. Any one will do.

Navigate to ‘/var/packages/ProxyServer/target/squid/etc/’ and edit ‘squid.conf’ using your favorite Linux text editor. (I installed nano and the sudo command, both can be found with a quick Google.)
--> a. Almost at the top of the file you will find a few lines for ‘auth_param basic’. They are on lines 4 and 5 on my conf file. Create a new line after them and add ‘ acl ads dstdom_regex -i "/var/packages/ProxyServer/target/squid/etc/squid.adservers” ‘. Do not add the single quotes at the beginning and end of the line. But it should end in a double quote.
--> b. Now scroll down to the end of a group of ‘http_access’ statements. They should be around line 23-25 or so. At the end of the ‘http_access’ statements add a new line containing, ‘http_access deny ads’. Again, no quotes.

The first line you added will point to a blacklist file we will create next. The ‘acl’ statement means access control list and ‘ads’ is the name of the list.

The http_access portion allows us to set a rule for squid. In our case ‘deny ads’. So anything in our ‘squid.adservers’ file will be blocked.

Save the squid.conf file.

Now we will create the squid.adservers file. Make sure you are still in the ‘/var/packages/ProxyServer/target/squid/etc/’ directory. Type: ‘wget -q 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext' -O squid.adservers’. Again, no outside single quotes.
--> a. This command will download an ad blacklist from http://pgl.yoyo.org/ in the correct format for squid. This is a REGEX format, not a text listing of site urls. The file can be edited or viewed with a text editor, but may look different than expected. It has two advantages over a text list.
--> --> i. It uses wild cards to block an entire site.
--> --> ii. It’s much faster than using a text list.

Now execute '/var/packages/ProxyServer/target/bin/squid -k reconfigure'. This will force squid (Proxy Server) to reload it’s conf files and activate your list. Any messages you get when running it via Telnet are errors.

Test the ad blocking
--> a. Go to a familiar website. You should see blank spots where the ads would be.

Now let’s add an option to add our own sites to blacklist by creating a file for them. Don’t manually edit the squid.adservers as it will be overwritten anytime we update the list from http://pgl.yoyo.org/.
--> a. I put mine in a location that’s easier to get to than inside the PS install directory tree. I used my user home directory. I already have other command files there.
--> b. At the Telnet command line type: ‘cd ~’. This will take you to your home dir.
--> c. I created a directory called, ‘squidUpdate’. But you may put it where ever you like. But, remember the location for our next step.
--> d. I created a text file named: ‘squid-extra.adservers’ in the ‘squidUpdate’ folder.
--> e. Inside the folder is a single line (so far): ‘(^|\.)revcontent\.com$’. Again, no single quotes at the start and end of the line. This is the name of a site that puts crap site links at the bottom of Safari on my iPhone. Remember the syntax is REGEX and it will block any url that contains ‘revcontent.com’ in it.

Create a shell command file to download updates from http://pgl.yoyo.org/ and merge our personal blacklist file.

--> a. Using your text editor create a new file named: getAds.sh
--> b. Past the following code into the file and save it:

#!/bin/sh

### short script that downloads a list of ad servers for use with
### squid to block ads.
###
### details on configuring squid itself can be found here:
###
### http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
### - modified by Eric Jones <eljones7@cox.net>
### - for use with Synology ProxyServer
###

## set things
##

# URL of the ad server list to download
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'

# location of the list of ad servers used by Squid
targetfile='/var/packages/ProxyServer/target/squid/etc/squid.adservers'

# location of a file where hostnames not listed can be added
# UPDATE PATH and FILE FOR YOUR SYSTEM
# MUST BE IN REGEX FORMAT
# SEE squid.adservers FOR EXAMPLES
extrasfile='/volume3/homes/admin/squidUpdate/squid-extra.adservers'

# command to reload squid - change according to your system
reloadcmd='/var/packages/ProxyServer/target/bin/squid -k reconfigure'

# temp file to use
tmpfile="/tmp/.adlist.$$"

# command to fetch the list
fetchcmd="wget -q $listurl -O $tmpfile"


## do things
##

# get a fresh list of ad server addresses for squid to refuse
$fetchcmd

# add the extras
[ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile

# check the temp file exists OK before overwriting the existing list
if [ ! -s $tmpfile ]
then
echo "temp file '$tmpfile' either doesn't exist or is empty; quitting"
exit
fi

# sort and filter out duplicates
sort $tmpfile > $targetfile

# clean up
rm $tmpfile

# restart Squid
$reloadcmd

--> c. Be sure to update the ‘targetfile’ and ‘extrasfile’ to match your path and file names.
--> d. Get the time and date from the first blacklist we downloaded. Type: ‘ls -l /var/packages/ProxyServer/target/squid/etc/squid.adservers’. You should get a return that looks something like: ‘-rw-r--r-- 1 root root 59008 Dec 22 14:37 /var/packages/ProxyServer/target/squid/etc/squid.adservers’.
--> e. Notice the time and date (i.e. Dec 22 14:37)
--> f. Now execute the getAds.sh command by typing: ‘./getAds.sh’. Be sure the put the leading period before the slash if you are running it from the same directory you created it in. It may also require admin rights to run. Any text that is returned represents and error.
--> g. Assuming all went well, rerun: ‘ls -l /var/packages/ProxyServer/target/squid/etc/squid.adservers’ and compare the dates. They should be different because getAds.sh downloaded a newer version.

Finally, use the Task Scheduler in the Control Panel to create a task that will run the update shell script. Be sure to set User to root. I have mine run once a week. Don’t set it to run multiple times a day. The list doesn’t change that often and you’ll be a nuisance to the fine people at http://pgl.yoyo.org/ that provide the list.

Hope it works as well you for as it has for me.
staxim
I'm New!
I'm New!
Posts: 9
Joined: Tue Nov 19, 2013 5:04 pm

Re: Using Proxy Server as an Ad Blocker

Postby staxim » Sat Nov 04, 2017 9:05 pm

This was awesome, and works like a charm on DSM 6.1. Thanks for posting, Eric.

I only needed the default ad-block list (I did not need to add my own), which simplified things a bit. I regurgitated some quick instructions below, just in case it's useful to anyone.

1. Install the Proxy Server package.
Just go to Package Manager in DSM and install Proxy Server.

2. Edit squid.conf to tell it about your ad file.
Ssh to the box, and edit the file /var/packages/ProxyServer/target/squid/etc/squid.conf

You're going to add 2 lines to this file. First, under the auth_param section, you're going to add:

Code: Select all

acl ads dstdom_regex -i "/var/packages/ProxyServer/target/squid/etc/squid.adservers"

Next, in the http_access section you're going to add:

Code: Select all

http_access deny ads

After this was done, the top half of my squid.conf looks like this (DSM 6.1):

Code: Select all

#----------
auth_param basic children 5
auth_param basic credentialsttl 2 hours

# added for ad blocking
acl ads dstdom_regex -i "/var/packages/ProxyServer/target/squid/etc/squid.adservers"


acl Safe_ports_syno port 80      # http
acl Safe_ports_syno port 21      # ftp
acl Safe_ports_syno port 443      # https
acl Safe_ports_syno port 70      # gopher
acl Safe_ports_syno port 210      # wais
acl Safe_ports_syno port 1025-65535   # unregistered ports
acl Safe_ports_syno port 280      # http-mgmt
acl Safe_ports_syno port 488      # gss-http
acl Safe_ports_syno port 591      # filemaker
acl Safe_ports_syno port 777      # multiling http
#----------
include /var/packages/ProxyServer/target/squid/etc/acl_syno.conf
#----------

http_access deny !Safe_ports_syno
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localhost
http_access deny ads         # ad blocking
#----------
include /var/packages/ProxyServer/target/squid/etc/access_syno.conf
#----------
http_access deny all

coredump_dir /var/packages/ProxyServer/target/squid/var/logs/
...

3. Create getAds.sh
Now (still in ssh) you're going to add a new file /var/packages/ProxyServer/target/squid/etc/getAds.sh, the contents of which are below.

Here's the script that downloads an updated squid.adservers file:

Code: Select all

#!/bin/sh

### short script that downloads a list of ad servers for use with
### squid to block ads.
###
### details on configuring squid itself can be found here:
###
### http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
### - modified by Eric Jones <eljones7@cox.net>
### - for use with Synology ProxyServer
###

## set things
##

# URL of the ad server list to download
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'

# location of the list of ad servers used by Squid
targetfile='/var/packages/ProxyServer/target/squid/etc/squid.adservers'

# command to reload squid - change according to your system
reloadcmd='/var/packages/ProxyServer/target/bin/squid -k reconfigure'

# temp file to use
tmpfile="/tmp/.adlist.$$"

# command to fetch the list
fetchcmd="wget -q $listurl -O $tmpfile"

## do things
##

# get a fresh list of ad server addresses for squid to refuse
$fetchcmd

# check the temp file exists OK before overwriting the existing list
if [ ! -s $tmpfile ]
then
echo "temp file '$tmpfile' either doesn't exist or is empty; quitting"
exit
fi

# sort and filter out duplicates
sort $tmpfile > $targetfile

# clean up
rm $tmpfile

# restart Squid
$reloadcmd

4. Setup Task Scheduler to update weekly.
Lastly, just use the Task Scheduler (in the System section of the DSM Control Panel) to run your /var/packages/ProxyServer/target/squid/etc/getAds.sh script once a week (as root).

Return to “Proxy Server”

Who is online

Users browsing this forum: No registered users and 1 guest