Blocking Ads and Protecting Online Privacy with Squid, Microsoft Windows 8 and Diladele Web Safety

UPDATE 23rd of December 2014 – the new Squid 3 for Windows project capable of HTTPS filtering and SSL Bumping is now available at http://squid.diladele.com.

This HOWTO describes how to protect users in your home or small enterprise network from excessive and malware ads and limit your online habits exposure by blocking well known tracking networks, privacy sniffing scripts and behavioral data trackers.

The Problem

A lot of web sites put excessive amount of advertisements on their pages, content of these ads are out of control of a web site owner. Some sites collect tracing info from their visitors besides usually available IP addresses. All those scripts, text and images take sometimes very precious part of network bandwidth and slow down overall browsing experience from multiple PCs, tables, smartphones and other devices, usually present in a typical home or small office.

The Solution

Setup a centralized home server based on Microsoft Windows 8 or Microsoft Windows Server 2012, install open source web caching server Squid, add Diladele Web Safety solution to block ads and increase privacy and direct all networked computers, smartphones and tables present to this server. Squid will do the caching, Diladele will do the filtering and Windows 8 will host previous two 24×7 online.

Prerequisites

In this tutorial, I am assuming that the network environment consists of a SOHO level router that distributes wireless Wi-Fi, several desktop and laptop computers, iPads or other tablets, and some iPhones, Androids or other mobile smart phones as shown on the following network diagram.

Sample Network

I also assume you have your Windows 8 (Server 2012) up and running and you did the successful logon to the desktop. This computer will serve as a network server.

Download and Unpack Squid Proxy

The Squid installation package for Windows can be downloaded from Squid for Windows page of Acme Consulting as shown on the following screenshots.

Squid Download Page

Select stable version 2.7 of Squid and save it into the Downloads folder.

Squid Stable Version 2.7

Do the right mouse click on the downloaded file and select “Extract all… here”. Wait until the archive is extracted.

Extract Squid Archive

Install Squid Proxy Server

In order to install Squid we need to do some command prompt magic. Press the Windows key, type cmd in the input box and press Enter while holding the CTRL+SHIFT keys (this will open command prompt in Administrator mode).

Now type cd C:\Users\\Downloads\squid-2.7.STABLE-bin and press Enter again. The command prompt’s current folder will change into folder where we have unpacked Squid earlier (see screenshot below).

Change Into Unpacked Squid Folder

We need to copy the unpacked Squid folder to the root folder of C: drive. For now, the easiest solution is to keep Squid installed in C:\squid and do NOT try to put it into the usual C:\Program Files folder. So type xcopy /S squid c:\squid\ in the command prompt and wait until all files are copied.

The C:\squid\etc folder contains for files with .conf.default extension, we need to erase the extension from all of them leaving only .conf instead.

Rename Conf Files

Change current directory of the command prompt to the sbin folder by typing cd c:\squid\sbin. When it is done, install Squid as a Windows Service by typing squid -i in the command prompt.

Squid Installed As Windows Service

Press Windows+R and type services.msc in the input box and then press Enter to start the Services MMC Snap-in. Check the Squid service is successfully installed. NOTE: if you try to start the service now it will give errors, the reason for this is that some of the folder and caching information is missing.

Squid As Windows Service

We will need to create a folder in the C:\squid installation directory. Press right mouse button in the Explorer window and select New -> Folder. Name it var. Now create another folder named logs inside of the var folder.

Creating Missing Squid Folders

Switch to the command prompt and type squid -z being in the C:\squid\sbin directory to create a cache structure inside the var folder. Check that is it created by looking at the contents of the var\cache folder in the Windows Explorer.

Required Folders Created

Switch to the Services snap-in and start the Squid service (right click on the service name and choose Start). The service status should turn into “Started” and squid.exe process will be shown in the Task Manager.

Squid Process Shown In The Task Manager

Still being at your server’s desktop open up the Internet Explorer, choose Internet Options -> Connections -> LAN settings. Select the Use a proxy server checkbox and type localhost 3128 there as shown on the following screenshot.

Setting Proxy In IE

Navigate to the http://squid-cache.org to see the browser now goes to the Internet thorough Squid.

Cannot Access URI Through Default Squid On Windows

By default access to Internet from the same PC that Squid runs on is disabled, so to fix it, uncomment “http_access allow localnet” in C:\squid\etc\squid.conf to let local Internet Explorer access this Squid proxy. Save the conf file and restart Squid service.

Uncommenting Local Access

Refresh the browser and see if Squid’s web site can now be accessed.

Squid Web Site Accessible

Just to be sure everything works as expected, open C:\squid\var\logs\access.log and notice a lot of entries there.

Squid Access Entries

Post Install Firewall Configuration

In order to use the just installed proxy from other machines in the home network, we need to tweak the firewall setting of the Windows 8. Press the Windows key, type “Firewall” and click on the “Windows Firewall with Advanced Security” icon.

Starting Windows 8 Firewall

Press the New Rule… button at the top right of the window.

New Firewall Rule

And select Port checkbox.

Select Port Check Box

Select TCP and Specific local port, type 3128 there. This is the port number the Squid usually listens to for incoming requests from the browsers.

Specify Squid Port

Select Allow the connection and press Next. Then check all Domain, Private and Public checkboxes on the next step and press Next again.

Allow TCP Connections

Name the newly created rule as you like. Press Finish to complete the wizard steps. Open up the browser on another computer in your home network; specify the name or IP address of this Windows server as the proxy name and proxy port 3128. Type your favorite web site in the browser’s address bar and surf.

Blocking Ads and Protecting Privacy on Windows 8

In order to block ads and protect online privacy of all devices that are used to browse the Internet we will use a personal web filter from Diladele B.V. called Diladele Web Safety. Go the Windows Store, Security, Personal Security and find the link to the desktop application by Diladele there. If windows store is not an option – just download the application directly from Diladele web site (www.diladele.com).

Double click the downloaded MSI and follow the steps of the installation wizard always clicking Next and then Finish. After install, press the Windows key and type “Web” in the Apps search box, then select Diladele Web Safety.

Main window of the application shows filtering status and blocking statistics. It also has the Enable / Disable button when we might for any reason decide to temporary pause the filtering.

Home Window

Choose Settings tab and then Ad Blocking section on the left. Select languages common to the web site languages you typically browse (e.g. English, German and Dutch for me).

Select Language Subscriptions

In order to have ads blocked and online privacy protected, we need to filter Squid process, so select “Target Programs” section on the left and the press the “Add New” button on the right. Navigate to C:\squid\sbin\squid.exe and press OK. The Squid binary and its description should be added to the list of target programs. Press Save Settings and confirm it in the UAC prompt.

Squid Is Added To Target Programs

Navigate back to the Home tab of Diladele Web Safety and select “Click here to monitor latest web activities of filtered browsers” command link. A new window will be opened with a list of URLs that are being browsed at this very moment.

List Of Blocked URLs

Open the browser that you previously used to connect to the internet through Squid, and navigate to your favorite web site (spiegel.de in my case), see how nicely all ads are blocked. The Activities Window at the same time shows what I am browsing and the URLs blocked because of ads or privacy tracking.

Spiegel With Blocked Ads

As we now have Squid Proxy running in our network we automatically get ad blocking and privacy protection for all the browsers. Here for example is the same web site shown on iPad. Also note it was not required to install anything third party on the iPad and did not do the jail brake. It just works out of the box (you must point iPad to Squid proxy of course).

Ads Blocked on iPad

If for any reason you would like to see the ads on some web sites, for example to support your favorite site fellows making their living with ads – just add the domain name to the Exclusion section in Diladele Web Safety and those domains will not be filtered.

List of Excluded Domains

Conclusion

We have successfully installed Squid proxy on Windows 8 (Server 2012). All our devices point their browsers to Squid proxy which greatly speeds up network connection by providing cached versions of most frequently used URLs. Diladele Web Safety filters web traffic from excessive and malware ads and provides decent level of privacy by blocking sniffing scripts and behavioral data trackers.

Next Steps

Extend our installation to add filtering of explicit material to keep minors surfing in our network safe online.

About sichent

sichent
This entry was posted in adblock, Diladele, Network, online privacy, proxy, squid, web filter, Windows 8. Bookmark the permalink.

6 Responses to Blocking Ads and Protecting Online Privacy with Squid, Microsoft Windows 8 and Diladele Web Safety

  1. Pingback: Content Filtering on Windows Home Server 2011 | sichent

  2. Pingback: Installing Squid on Windows Home Server (WHS) 2011 | sichent

  3. Califf says:

    very nice guide, thanks!

  4. John Everitt says:

    Thought I followed the guide exactly on a Windows 8.1 64 bit desktop using Squid 32 bit 2.7 STABLE and it doesn’t seem to do anything. The web security task is running as well as squid and the squid logs are showing activity but the Web Security Console showing Browser Activity shows no activity and web pages are still shown with ads both if I try a browser (IE11) on the machine running squid or a Browser (Firefox) on another machine configured to use the proxy. Who should I contact to help with identifying the issue ?

    • sichent says:

      John, have you added squid.exe to the target filtered programs? The filtering is done on remote port 80, so do you have anything configured that could transparently redirect traffic locally? I know Kaspersky AV does that, not sure if other av vendors follow this road.

      • John Everitt says:

        Yup, I’ve added squid.exe as a target filtered program.

        Some apps I have running that may be relevant … SuperAntiSpyware, Avast, Free Download Manager with Torrent Support enabled, Daemon Tools, and Catalyst Control Centre for AMD Graphics, Checkpoint SSL (not active), Malwarebytes and VLC …

        Any ideas ? Thanks …

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s