Setting up Transparent Content Filter on Gateway with Privoxy

From Alpine Linux
Revision as of 02:52, 21 September 2017 by John3-16 (talk | contribs) (Categorized: Software, Proxy Server, Security)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

These instructions set up a transparent web content filter on the gateway, using privoxy. By default Privoxy contains a crude parental-controls filter that can filter many pornographic sites. Its not perfect, but nothing is.

This is significantly lighter weight than squid+dansguardian or squid+squark; and may be suitable for a small home network.


Install Privoxy

  • Install privoxy

apk add privoxy

  • Edit the /etc/privoxy/config file, and edit the listen-address:
listen-address  :8080 

# We will be doing intercepting proxying
accept-intercepted-requests 1 
  • Edit /etc/privoxy/default.filter. The default "sex" rule matches lots of javascript, like "trendsexplorer".
    Search for "parental", and change the line regarding "sex" to:
s%^.*(?<!middle)(?<!sus)(?<!es)sexy.*$%<html><head><title>Blocked</title></head><body>\
<h3>Blocked by Privoxy's crude-parental filter due to possible adult content.</h3></body></html>%is

This is going to loosen the rules a bit, but should still block most stuff.

  • Edit /etc/privoxy/user.action file, and add the following to the end
# Content filter everything
{+filter{crude-parental}}                      
/.*
                                                                             
# Anything here gets whitelisted
{-filter{crude-parental}}                                                    
wiki.alpinelinux.org
  • If you do not want to advertise you are using privoxy, edit /etc/privoxy/default.filter, search for the parental-crude filter, and change the text as you like.
  • Start privoxy

/etc/init.d/privoxy

  • add privoxy to the startup scripts

rc-update add privoxy

  • To test, set your browser to use 192.168.1.1:8080 as the proxy, and enter "http://config.privoxy.org" - you should go to the privoxy page.
  • Unset your browser's proxy settings.

Set up Transparent Proxy Redirection

  • Add awall

apk add awall

  • Create /etc/awall/optional/home-firewall.json - Change the interfaces in the zones as appropriate:
{
"description":  "Home Firewall",

"zone": {
        "inet" : { "iface" : "eth1" },
        "loc"  : { "iface" : "eth0" }
        },

"policy": [
        { "in": "_fw", "action": "accept" },
        { "in": "loc", "out": "inet", "action": "accept" },
        { "in": "loc", "out": "_fw", "action": "accept" }
        ],

"snat": [
        { "out": "inet" }
        ],

"dnat": [
        { "in": "loc", "service": "http", "to-port": 8080 }
        ]
}
  • Enable the firewall

awall enable home-firewall

  • Activate it

awall activate