Skip to content

Instantly share code, notes, and snippets.

@alekc
Created February 27, 2018 09:33
Show Gist options
  • Save alekc/b9cf75a74090b333fac1e4eaf62dec8c to your computer and use it in GitHub Desktop.
Save alekc/b9cf75a74090b333fac1e4eaf62dec8c to your computer and use it in GitHub Desktop.
Transparent squid setup with custom ads blocking.
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl custom_ads dstdom_regex "/etc/squid/ads.acl"
acl ads dstdom_regex "/etc/squid/ad_block.txt"
http_access deny custom_ads
http_access deny ads
deny_info TCP_RESET ads
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localhost manager
#http_access allow localhost
#http_access deny all
http_access allow all
icp_access allow all
cache_mem 512 MB
maximum_object_size_in_memory 128 KB
access_log /var/log/squid/access.log squid
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
cache_replacement_policy heap GDSF
cache_dir ufs /var/spool/squid 15360 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
#Squid can not tell the difference between a half-closed and a fully-closed TCP connection. Therefore sends a connection-close to clients that leave a half open connection:
half_closed_clients off
memory_pools off
via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
header_access X_Forwarded_For deny all
#https://calomel.org/squid_adservers.html
@justinhpw111
Copy link

justinhpw111 commented Feb 27, 2020

hi, can share your /etc/squid/ads.acl and /etc/squid/ad_block.txt ?

@alekc
Copy link
Author

alekc commented Feb 27, 2020

Hi, sorry it's not in production anymore (and have not been for a long time) :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment