Setting up Transparent Content Filter on Gateway with Privoxy: Difference between revisions
mNo edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
These instructions set up a transparent web content filter on the gateway, using privoxy. By default Privoxy contains a crude parental-controls filter that can filter many pornographic sites. Its not perfect, but nothing is. | These instructions set up a transparent web content filter on the gateway, using privoxy. By default Privoxy contains a crude parental-controls filter that can filter many pornographic sites. Its not perfect, but nothing is. |
Revision as of 18:45, 11 January 2016
These instructions set up a transparent web content filter on the gateway, using privoxy. By default Privoxy contains a crude parental-controls filter that can filter many pornographic sites. Its not perfect, but nothing is.
This is significantly lighter weight than squid+dansguardian or squid+squark; and may be suitable for a small home network.
Install Privoxy
- Install privoxy
apk add privoxy
- Edit the /etc/privoxy/config file, and edit the listen-address:
listen-address :8080 # We will be doing intercepting proxying accept-intercepted-requests 1
- Edit /etc/privoxy/default.filter. The default "sex" rule matches lots of javascript, like "trendsexplorer".
Search for "parental", and change the line regarding "sex" to:
s%^.*(?<!middle)(?<!sus)(?<!es)sexy.*$%<html><head><title>Blocked</title></head><body>\ <h3>Blocked by Privoxy's crude-parental filter due to possible adult content.</h3></body></html>%is
This is going to loosen the rules a bit, but should still block most stuff.
- Edit /etc/privoxy/user.action file, and add the following to the end
# Content filter everything {+filter{crude-parental}} /.* # Anything here gets whitelisted {-filter{crude-parental}} wiki.alpinelinux.org
- If you do not want to advertise you are using privoxy, edit /etc/privoxy/default.filter, search for the parental-crude filter, and change the text as you like.
- Start privoxy
/etc/init.d/privoxy
- add privoxy to the startup scripts
rc-update add privoxy
- To test, set your browser to use 192.168.1.1:8080 as the proxy, and enter "http://config.privoxy.org" - you should go to the privoxy page.
- Unset your browser's proxy settings.
Set up Transparent Proxy Redirection
- Add awall
apk add awall
- Create /etc/awall/optional/home-firewall.json - Change the interfaces in the zones as appropriate:
{ "description": "Home Firewall", "zone": { "inet" : { "iface" : "eth1" }, "loc" : { "iface" : "eth0" } }, "policy": [ { "in": "_fw", "action": "accept" }, { "in": "loc", "out": "inet", "action": "accept" }, { "in": "loc", "out": "_fw", "action": "accept" } ], "snat": [ { "out": "inet" } ], "dnat": [ { "in": "loc", "service": "http", "to-port": 8080 } ] }
- Enable the firewall
awall enable home-firewall
- Activate it
awall activate
- Surf, again, you can still use http://config.privoxy.org to verify the intercepting proxy is working