UPDATE 23rd of December 2014 – the new Squid 3 for Windows project capable of HTTPS filtering and SSL Bumping is now available at http://squid.diladele.com.
This HOWTO describes how to protect users in your home or small enterprise network from excessive and malware ads and limit your online habits exposure by blocking well known tracking networks, privacy sniffing scripts and behavioral data trackers.
A lot of web sites put excessive amount of advertisements on their pages, content of these ads are out of control of a web site owner. Some sites collect tracing info from their visitors besides usually available IP addresses. All those scripts, text and images take sometimes very precious part of network bandwidth and slow down overall browsing experience from multiple PCs, tables, smartphones and other devices, usually present in a typical home or small office.
Setup a centralized home server based on Microsoft Windows 8 or Microsoft Windows Server 2012, install open source web caching server Squid, add Diladele Web Safety solution to block ads and increase privacy and direct all networked computers, smartphones and tables present to this server. Squid will do the caching, Diladele will do the filtering and Windows 8 will host previous two 24×7 online.
In this tutorial, I am assuming that the network environment consists of a SOHO level router that distributes wireless Wi-Fi, several desktop and laptop computers, iPads or other tablets, and some iPhones, Androids or other mobile smart phones as shown on the following network diagram.
I also assume you have your Windows 8 (Server 2012) up and running and you did the successful logon to the desktop. This computer will serve as a network server.
Download and Unpack Squid Proxy
The Squid installation package for Windows can be downloaded from Squid for Windows page of Acme Consulting as shown on the following screenshots.
Select stable version 2.7 of Squid and save it into the Downloads folder.
Do the right mouse click on the downloaded file and select “Extract all… here”. Wait until the archive is extracted.
Install Squid Proxy Server
In order to install Squid we need to do some command prompt magic. Press the Windows key, type cmd in the input box and press Enter while holding the CTRL+SHIFT keys (this will open command prompt in Administrator mode).
cd C:\Users\\Downloads\squid-2.7.STABLE-bin and press Enter again. The command prompt’s current folder will change into folder where we have unpacked Squid earlier (see screenshot below).
We need to copy the unpacked Squid folder to the root folder of
C: drive. For now, the easiest solution is to keep Squid installed in
C:\squid and do NOT try to put it into the usual
C:\Program Files folder. So type
xcopy /S squid c:\squid\ in the command prompt and wait until all files are copied.
C:\squid\etc folder contains for files with .conf.default extension, we need to erase the extension from all of them leaving only .conf instead.
Change current directory of the command prompt to the sbin folder by typing
cd c:\squid\sbin. When it is done, install Squid as a Windows Service by typing
squid -i in the command prompt.
Press Windows+R and type
services.msc in the input box and then press Enter to start the Services MMC Snap-in. Check the Squid service is successfully installed. NOTE: if you try to start the service now it will give errors, the reason for this is that some of the folder and caching information is missing.
We will need to create a folder in the
C:\squid installation directory. Press right mouse button in the Explorer window and select New -> Folder. Name it
var. Now create another folder named
logs inside of the
Switch to the command prompt and type
squid -z being in the
C:\squid\sbin directory to create a cache structure inside the
var folder. Check that is it created by looking at the contents of the
var\cache folder in the Windows Explorer.
Switch to the Services snap-in and start the Squid service (right click on the service name and choose Start). The service status should turn into “Started” and squid.exe process will be shown in the Task Manager.
Still being at your server’s desktop open up the Internet Explorer, choose Internet Options -> Connections -> LAN settings. Select the Use a proxy server checkbox and type
localhost 3128 there as shown on the following screenshot.
Navigate to the http://squid-cache.org to see the browser now goes to the Internet thorough Squid.
By default access to Internet from the same PC that Squid runs on is disabled, so to fix it, uncomment “http_access allow localnet” in
C:\squid\etc\squid.conf to let local Internet Explorer access this Squid proxy. Save the conf file and restart Squid service.
Refresh the browser and see if Squid’s web site can now be accessed.
Just to be sure everything works as expected, open
C:\squid\var\logs\access.log and notice a lot of entries there.
Post Install Firewall Configuration
In order to use the just installed proxy from other machines in the home network, we need to tweak the firewall setting of the Windows 8. Press the Windows key, type “Firewall” and click on the “Windows Firewall with Advanced Security” icon.
Press the New Rule… button at the top right of the window.
And select Port checkbox.
Select TCP and Specific local port, type 3128 there. This is the port number the Squid usually listens to for incoming requests from the browsers.
Select Allow the connection and press Next. Then check all Domain, Private and Public checkboxes on the next step and press Next again.
Name the newly created rule as you like. Press Finish to complete the wizard steps. Open up the browser on another computer in your home network; specify the name or IP address of this Windows server as the proxy name and proxy port 3128. Type your favorite web site in the browser’s address bar and surf.
Blocking Ads and Protecting Privacy on Windows 8
In order to block ads and protect online privacy of all devices that are used to browse the Internet we will use a personal web filter from Diladele B.V. called Diladele Web Safety. Go the Windows Store, Security, Personal Security and find the link to the desktop application by Diladele there. If windows store is not an option – just download the application directly from Diladele web site (www.diladele.com).
Double click the downloaded MSI and follow the steps of the installation wizard always clicking Next and then Finish. After install, press the Windows key and type “Web” in the Apps search box, then select Diladele Web Safety.
Main window of the application shows filtering status and blocking statistics. It also has the Enable / Disable button when we might for any reason decide to temporary pause the filtering.
Choose Settings tab and then Ad Blocking section on the left. Select languages common to the web site languages you typically browse (e.g. English, German and Dutch for me).
In order to have ads blocked and online privacy protected, we need to filter Squid process, so select “Target Programs” section on the left and the press the “Add New” button on the right. Navigate to
C:\squid\sbin\squid.exe and press OK. The Squid binary and its description should be added to the list of target programs. Press Save Settings and confirm it in the UAC prompt.
Navigate back to the Home tab of Diladele Web Safety and select “Click here to monitor latest web activities of filtered browsers” command link. A new window will be opened with a list of URLs that are being browsed at this very moment.
Open the browser that you previously used to connect to the internet through Squid, and navigate to your favorite web site (spiegel.de in my case), see how nicely all ads are blocked. The Activities Window at the same time shows what I am browsing and the URLs blocked because of ads or privacy tracking.
As we now have Squid Proxy running in our network we automatically get ad blocking and privacy protection for all the browsers. Here for example is the same web site shown on iPad. Also note it was not required to install anything third party on the iPad and did not do the jail brake. It just works out of the box (you must point iPad to Squid proxy of course).
If for any reason you would like to see the ads on some web sites, for example to support your favorite site fellows making their living with ads – just add the domain name to the Exclusion section in Diladele Web Safety and those domains will not be filtered.
We have successfully installed Squid proxy on Windows 8 (Server 2012). All our devices point their browsers to Squid proxy which greatly speeds up network connection by providing cached versions of most frequently used URLs. Diladele Web Safety filters web traffic from excessive and malware ads and provides decent level of privacy by blocking sniffing scripts and behavioral data trackers.
Extend our installation to add filtering of explicit material to keep minors surfing in our network safe online.