We present here a proxy server for your home (at least) with ssl interception that is making ad blocking and other custom domain blocking easy for all your devices (pcs, tablets, smartphones).

Blocking ads for applications running on your smartphone and effective control of your web access (for kids etc...) is probably impossible without a proxy running between you and the web.

In addition to blocking, the central caching functionality ensures great improvements in speed on browsing the web.

Last but not least, proxy's access logs provide usefull information and statistics about web access for analysing later.

In this installation the server is running on raspberry pi 2 (raspbian) consumming almost no power for 24/7 use.

Please note that in order to use ssl interception functionality you need to built the squid package adding the following configuration options:

–enable-ssl –enable-ssl-crtd –disable-arch-native

Built configuration for ssl interception

Confirm that your built is done with the required options running:

~# squid3 -v

Squid Cache: Version 3.4.8

Debian linux

configure options: {...} '--enable-ssl' '--enable-ssl-crtd' '--disable-arch-native' {...}

You can generate your key-CA certifications with the following commands:

openssl genrsa -out squid.key 2048

openssl req -new -key squid.key -out squid.csr

openssl x509 -req -days 3650 -in squid.csr -signkey squid.key -out squid.crt

cat squid.key squid.crt > /etc/squid3/ssl_cert/myCA.pem

Of course, if you are using self-signed certificate like this, you have to add your CA to your browser's/devices's trusted CAs. Check android's, ios's etc documentation on how to do that.

Ad blocking

You can configure - built your ad domains with a script like that (use it with crontab):

#! /bin/bash wget -O / tmp / temp_ad_file http : / / pgl . yoyo . org / adservers / serverlist . php ? hostformat = squid - dstdom - regex ; showintro = 0 > / dev / null cat / tmp / temp_ad_file | grep "(^|" > / etc / s quid3 / ad_sites . txt rm - rf / tmp / temp_ad_file service squid3 reload

Squid configuration example (squid.conf)