opkg update

opkg install privoxy

confdir /opt/etc/privoxy

logdir /opt/var/log

user-manual /opt/share/doc/privoxy/user-manual/

admin-address usenet@thebat.net

filterfile default.filter

logfile privoxy

actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.

actionsfile default.action   # Main actions file

actionsfile user.action      # User customizations

listen-address  192.168.0.100:8118

toggle  1

enable-remote-toggle  1

enable-remote-http-toggle  0

enable-edit-actions 1

enforce-blocks 0

buffer-limit 4096

forwarded-connect-retries  0

accept-intercepted-requests 1

allow-cgi-request-crunching 0

split-large-forms 0

keep-alive-timeout 5

socket-timeout 300

#permit-access  192.168.0.0/24

debug   1    # show each GET/POST/CONNECT request

debug   4096 # Startup banner and warnings

debug   8192 # Errors - *we highly recommended enabling this*

#proxy-info-url http://www.example.com/proxy-service.html

proxy-info-url http://config.privoxy.org/proxy-service.html

actionsfile adblock.script.action

filterfile adblock.script.filter

actionsfile adblock-pxf-polish.script.action

filterfile adblock-pxf-polish.script.filter

actionsfile easylist.script.action

filterfile easylist.script.filter

actionsfile easylistgermany.script.action

filterfile easylistgermany.script.filter

actionsfile easyprivacy.script.action

filterfile easyprivacy.script.filter

actionsfile fanboy-adblock.script.action

filterfile fanboy-adblock.script.filter

#!/bin/sh 



ENABLED=yes 

PROCS=privoxy 

ARGS="/opt/etc/privoxy/config" 

PREARGS="" 

DESC=$PROCS 

PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 



. /opt/etc/init.d/rc.func

/opt/etc/init.d/S24privoxy start

ps|grep -v grep|grep "privoxy /opt/etc/privoxy/config"|wc -l

opkg update

opkg install bash wget

 #!/opt/bin/bash

#

######################################################################

#

#                  Author: Andrwe Lord Weber

#                  Mail: lord-weber-andrwerenona-studiosorg

#                  Version: 0.2

#                  URL: http://andrwe.dyndns.org/doku.php/blog/scripting/bash/privoxy-blocklist

#

##################

#

#                  Sumary: 

#                   This script downloads, converts and installs

#                   AdblockPlus lists into Privoxy

#

######################################################################

 

######################################################################

#

#                 TODO:

#                  - implement:

#                     domain-based filter

#

######################################################################

 

######################################################################

#

#                  script variables and functions

#

######################################################################

 

# array of URL for AdblockPlus lists

URLS=("https://easylist-downloads.adblockplus.org/easylist.txt" "https://easylist-downloads.adblockplus.org/easyprivacy.txt" "https://easylist-downloads.adblockplus.org/easylistgermany.txt" "http://www.niecko.pl/adblock/adblock.txt" "http://adblocklist.org/adblock-pxf-polish.txt"  "https://secure.fanboy.co.nz/fanboy-adblock.txt")

#URLS=("https://easylist-downloads.adblockplus.org/easylist.txt" "https://easylist-downloads.adblockplus.org/easyprivacy.txt" "https://easylist-downloads.adblockplus.org/easylistgermany.txt" "https://easylist-downloads.adblockplus.org/easylistitaly.txt" "https://dutchadblockfilters.googlecode.com/svn/trunk/AdBlock_Dutch_hide.txt" "http://lian.info.tm/liste_fr.txt" "https://adblock-chinalist.googlecode.com/svn/trunk/adblock.txt" "http://stanev.org/abp/adblock_bg.txt" "https://indonesianadblockrules.googlecode.com/hg/subscriptions/abpindo.txt" "http://www.niecko.pl/adblock/adblock.txt" "http://adblocklist.org/adblock-pxf-polish.txt" "http://www.bsi.info.pl/filtrABP.txt" "https://secure.fanboy.co.nz/fanboy-adblock.txt")

# privoxy config dir (default: /etc/privoxy/)

CONFDIR=/opt/etc/privoxy

# directory for temporary files

TMPDIR=/opt/tmp/privoxy-blocklist

TMPNAME=$(basename ${0})

 

######################################################################

#

#                  No changes needed after this line.

#

######################################################################

 

function usage()

{

   echo "${TMPNAME} is a script to convert AdBlockPlus-lists into Privoxy-lists and install them."

   echo " "

   echo "Options:"

   echo "      -h:    Show this help."

   echo "      -q:    Don't give any output."

   echo "      -v 1:  Enable verbosity 1. Show a little bit more output."

   echo "      -v 2:  Enable verbosity 2. Show a lot more output."

   echo "      -v 3:  Enable verbosity 3. Show all possible output and don't delete temporary files.(For debugging only!!)"

   echo "      -r:    Remove all lists build by this script."

}

 

[ ${UID} -ne 0 ] && echo -e "Root privileges needed. Exit.\n\n" && usage && exit 1

 

# check whether an instance is already running

[ -e ${TMPDIR}/${TMPNAME}.lock ] && echo "An Instance of ${TMPNAME} is already running. Exit" && exit

 

DBG=0

 

function debug()

{

   [ ${DBG} -ge ${2} ] && echo -e "${1}"

}

 

function main()

{

   cpoptions=""

   [ ${DBG} -gt 0 ] && cpoptions="-v"

 

   for url in ${URLS[@]}

   do

      debug "Processing ${url} ...\n" 0

      file=${TMPDIR}/$(basename ${url})

      actionfile=${file%\.*}.script.action

      filterfile=${file%\.*}.script.filter

      list=$(basename ${file%\.*})

 

      # download list

      debug "Downloading ${url} ..." 0

      /opt/bin/wget -t 3 --no-check-certificate -O ${file} ${url} >${TMPDIR}/wget-${url//\//#}.log 2>&1

      debug "$(cat ${TMPDIR}/wget-${url//\//#}.log)" 2

      debug ".. downloading done." 0

      [ "$(grep -E '^\[Adblock.*\]$' ${file})" == "" ] && echo "The list recieved from ${url} isn't an AdblockPlus list. Skipped" && continue

 

      # convert AdblockPlus list to Privoxy list

      # blacklist of urls

      debug "Creating actionfile for ${list} ..." 1

      echo -e "{ +block{${list}} }" > ${actionfile}

      sed '/^!.*/d;1,1 d;/^@@.*/d;/\$.*/d;/#/d;s/\./\\./g;s/\?/\\?/g;s/\*/.*/g;s/(/\\(/g;s/)/\\)/g;s/\[/\\[/g;s/\]/\\]/g;s/\^/[\/\&:\?=_]/g;s/^||/\./g;s/^|/^/g;s/|$/\$/g;/|/d' ${file} >> ${actionfile}

      debug "... creating filterfile for ${list} ..." 1

      echo "FILTER: ${list} Tag filter of ${list}" > ${filterfile}

      # set filter for html elements

      sed '/^#/!d;s/^##//g;s/^#\(.*\)\[.*\]\[.*\]*/s|<([a-zA-Z0-9]+)\\s+.*id=.?\1.*>.*<\/\\1>||g/g;s/^#\(.*\)/s|<([a-zA-Z0-9]+)\\s+.*id=.?\1.*>.*<\/\\1>||g/g;s/^\.\(.*\)/s|<([a-zA-Z0-9]+)\\s+.*class=.?\1.*>.*<\/\\1>||g/g;s/^a\[\(.*\)\]/s|.*<\/a>||g/g;s/^\([a-zA-Z0-9]*\)\.\(.*\)\[.*\]\[.*\]*/s|<\1.*class=.?\2.*>.*<\/\1>||g/g;s/^\([a-zA-Z0-9]*\)#\(.*\):.*[:[^:]]*[^:]*/s|<\1.*id=.?\2.*>.*<\/\1>||g/g;s/^\([a-zA-Z0-9]*\)#\(.*\)/s|<\1.*id=.?\2.*>.*<\/\1>||g/g;s/^\[\([a-zA-Z]*\).=\(.*\)\]/s|\1^=\2>||g/g;s/\^/[\/\&:\?=_]/g;s/\.\([a-zA-Z0-9]\)/\\.\1/g' ${file} >> ${filterfile}

      debug "... filterfile created - adding filterfile to actionfile ..." 1

      echo "{ +filter{${list}} }" >> ${actionfile}

      echo "*" >> ${actionfile}

      debug "... filterfile added ..." 1

      debug "... creating and adding whitlist for urls ..." 1

      # whitelist of urls

      echo "{ -block }" >> ${actionfile}

      sed '/^@@.*/!d;s/^@@//g;/\$.*/d;/#/d;s/\./\\./g;s/\?/\\?/g;s/\*/.*/g;s/(/\\(/g;s/)/\\)/g;s/\[/\\[/g;s/\]/\\]/g;s/\^/[\/\&:\?=_]/g;s/^||/\./g;s/^|/^/g;s/|$/\$/g;/|/d' ${file} >> ${actionfile}

      debug "... created and added whitelist - creating and adding image handler ..." 1

      # whitelist of image urls

      echo "{ -block +handle-as-image }" >> ${actionfile}

      sed '/^@@.*/!d;s/^@@//g;/\$.*image.*/!d;s/\$.*image.*//g;/#/d;s/\./\\./g;s/\?/\\?/g;s/\*/.*/g;s/(/\\(/g;s/)/\\)/g;s/\[/\\[/g;s/\]/\\]/g;s/\^/[\/\&:\?=_]/g;s/^||/\./g;s/^|/^/g;s/|$/\$/g;/|/d' ${file} >> ${actionfile}

      debug "... created and added image handler ..." 1

      debug "... created actionfile for ${list}." 1

 

      # install Privoxy actionsfile

      cp ${cpoptions} ${actionfile} ${CONFDIR}

      if [ "$(grep $(basename ${actionfile}) ${CONFDIR}/config)" == "" ] 

      then

         debug "\nModifying ${CONFDIR}/config ..." 0

         sed "s/^actionsfile user\.action/actionsfile $(basename ${actionfile})\nactionsfile user.action/" ${CONFDIR}/config > ${TMPDIR}/config

         debug "... modification done.\n" 0

         debug "Installing new config ..." 0

         cp ${cpoptions} ${TMPDIR}/config ${CONFDIR}

         debug "... installation done\n" 0

      fi   

      # install Privoxy filterfile

      cp ${cpoptions} ${filterfile} ${CONFDIR}

      if [ "$(grep $(basename ${filterfile}) ${CONFDIR}/config)" == "" ] 

      then

         debug "\nModifying ${CONFDIR}/config ..." 0

         sed "s/^\(#*\)filterfile user\.filter/filterfile $(basename ${filterfile})\n\1filterfile user.filter/" ${CONFDIR}/config > ${TMPDIR}/config

         debug "... modification done.\n" 0

         debug "Installing new config ..." 0

         cp ${cpoptions} ${TMPDIR}/config ${CONFDIR}

         debug "... installation done\n" 0

      fi   

 

      debug "... ${url} installed successfully.\n" 0

   done

}

 

# create temporary directory and lock file

mkdir -p ${TMPDIR}

touch ${TMPDIR}/${TMPNAME}.lock

 

# set command to be run on exit

[ ${DBG} -le 2 ] && trap "rm -fr ${TMPDIR};exit" INT TERM EXIT

 

# loop for options

while getopts ":hrqv:" opt

do

   case "${opt}" in 

      "h")

         usage

         exit 0

         ;;

      "v")

         DBG="${OPTARG}"

         ;;

      "q")

         DBG=-1

         ;;

      "r")

         echo "Do you really want to remove all build lists?(y/N)"

         read choice

         [ "${choice}" != "y" ] && exit 0

         rm -rf ${CONFDIR}/*.script.{action,filter} && \

         sed '/^actionsfile .*\.script\.action$/d;/^filterfile .*\.script\.filter$/d' -i ${CONFDIR}/config && \

         echo "Lists removed." && exit 0

         echo -e "An error occured while removing the lists.\nPlease have a look into ${CONFDIR} whether there are .script.* files and search for *.script.* in ${CONFDIR}/config."

         exit 1

         ;;

      ":")

         echo "${TMPNAME}: -${OPTARG} requires an argument" >&2

         exit 1

         ;;

   esac

done

 

debug "URL-List: ${URLS}\nPrivoxy-Configdir: ${CONFDIR}\nTemporary directory: ${TMPDIR}" 2

main

 

# restore default exit command

trap - INT TERM EXIT

[ ${DBG} -lt 2 ] && rm -r ${TMPDIR}

[ ${DBG} -eq 2 ] && rm -vr ${TMPDIR}

exit 0 

opkg update

opkg install dansguardian

# DansGuardian config file for version 2.10.1.1



# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf





# Web Access Denied Reporting (does not affect logging)

#

# -1 = log, but do not block - Stealth mode

#  0 = just say 'Access Denied'

#  1 = report why but not what denied phrase

#  2 = report fully

#  3 = use HTML template file (accessdeniedaddress ignored) - recommended

#

reportinglevel = 3



# Language dir where languages are stored for internationalisation.

# The HTML template within this dir is only used when reportinglevel

# is set to 3. When used, DansGuardian will display the HTML file instead of

# using the perl cgi script.  This option is faster, cleaner

# and easier to customise the access denied page.

# The language file is used no matter what setting however.

#

languagedir = '/opt/share/dansguardian/languages'



# language to use from languagedir.

language = 'polish'



# Logging Settings

#

# 0 = none  1 = just denied  2 = all text based  3 = all requests

loglevel = 2



# Log Exception Hits

# Log if an exception (user, ip, URL, phrase) is matched and so

# the page gets let through.  Can be useful for diagnosing

# why a site gets through the filter.

# 0 = never log exceptions

# 1 = log exceptions, but do not explicitly mark them as such

# 2 = always log & mark exceptions (default)

logexceptionhits = 2



# Log File Format

# 1 = DansGuardian format (space delimited)

# 2 = CSV-style format

# 3 = Squid Log File Format

# 4 = Tab delimited

logfileformat = 1



# truncate large items in log lines

#maxlogitemlength = 400



# anonymize logs (blank out usernames & IPs)

#anonymizelogs = on





# Syslog logging

#

# Use syslog for access logging instead of logging to the file

# at the defined or built-in "loglocation"

#syslog = on



# Log file location

# 

# Defines the log directory and filename.

#loglocation = '/opt/var/log/dansguardian/access.log'





# Statistics log file location

#

# Defines the stat file directory and filename.

# Only used in conjunction with maxips > 0

# Once every 3 minutes, the current number of IPs in the cache, and the most

# that have been in the cache since the daemon was started, are written to this

# file. IPs persist in the cache for 7 days.

#statlocation = '/opt/var/log/dansguardian/stats'





# Network Settings

# 

# the IP that DansGuardian listens on.  If left blank DansGuardian will

# listen on all IPs.  That would include all NICs, loopback, modem, etc.

# Normally you would have your firewall protecting this, but if you want

# you can limit it to a certain IP. To bind to multiple interfaces,

# specify each IP on an individual filterip line.

filterip =



# the port that DansGuardian listens to.

filterport = 9090



# the ip of the proxy (default is the loopback - i.e. this server)

# proxyip = 127.0.0.1

proxyip = 192.168.0.100



# the port DansGuardian connects to proxy on

proxyport = 8118



# Whether to retrieve the original destination IP in transparent proxy

# setups and check it against the domain pulled from the HTTP headers.

#

# Be aware that when visiting sites which use a certain type of round-robin

# DNS for load balancing, DG may mark requests as invalid unless DG gets

# exactly the same answers to its DNS requests as clients.  The chances of

# this happening can be increased if all clients and servers on the same LAN

# make use of a local, caching DNS server instead of using upstream DNS

# directly.

#

# See http://www.kb.cert.org/vuls/id/435052

# on (default) | off

#!! Not compiled !! originalip = on



# accessdeniedaddress is the address of your web server to which the cgi

# dansguardian reporting script was copied. Only used in reporting levels 1 and 2.

#

# This webserver must be either:

#  1. Non-proxied. Either a machine on the local network, or listed as an exception

#     in your browser's proxy configuration.

#  2. Added to the exceptionsitelist. Option 1 is preferable; this option is

#     only for users using both transparent proxying and a non-local server

#     to host this script.

#

# Individual filter groups can override this setting in their own configuration.

#

accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'



# Non standard delimiter (only used with accessdeniedaddress)

# To help preserve the full banned URL, including parameters, the variables

# passed into the access denied CGI are separated using non-standard

# delimiters. This can be useful to ensure correct operation of the filter

# bypass modes. Parameters are split using "::" in place of "&", and "==" in

# place of "=".

# Default is enabled, but to go back to the standard mode, disable it.

nonstandarddelimiter = on







# Banned image replacement

# Images that are banned due to domain/url/etc reasons including those

# in the adverts blacklists can be replaced by an image.  This will,

# for example, hide images from advert sites and remove broken image

# icons from banned domains.

# on (default) | off

usecustombannedimage = on

custombannedimagefile = '/opt/share/dansguardian/transparent1x1.gif'







# Filter groups options

# filtergroups sets the number of filter groups. A filter group is a set of content

# filtering options you can apply to a group of users.  The value must be 1 or more.

# DansGuardian will automatically look for dansguardianfN.conf where N is the filter

# group.  To assign users to groups use the filtergroupslist option.  All users default

# to filter group 1.  You must have some sort of authentication to be able to map users

# to a group.  The more filter groups the more copies of the lists will be in RAM so

# use as few as possible.

filtergroups = 1

filtergroupslist = '/opt/etc/dansguardian/lists/filtergroupslist'







# Authentication files location

bannediplist = '/opt/etc/dansguardian/lists/bannediplist'

exceptioniplist = '/opt/etc/dansguardian/lists/exceptioniplist'







# Show weighted phrases found

# If enabled then the phrases found that made up the total which excedes

# the naughtyness limit will be logged and, if the reporting level is

# high enough, reported. on | off

showweightedfound = on



# Weighted phrase mode

# There are 3 possible modes of operation:

# 0 = off = do not use the weighted phrase feature.

# 1 = on, normal = normal weighted phrase operation.

# 2 = on, singular = each weighted phrase found only counts once on a page.

#

weightedphrasemode = 2







# Positive (clean) result caching for URLs

# Caches good pages so they don't need to be scanned again.

# It also works with AV plugins.

# 0 = off (recommended for ISPs with users with disimilar browsing)

# 1000 = recommended for most users

# 5000 = suggested max upper limit

# If you're using an AV plugin then use at least 5000.

urlcachenumber = 1000

#

# Age before they are stale and should be ignored in seconds

# 0 = never

# 900 = recommended = 15 mins

urlcacheage = 900







# Clean cache for content (AV) scan results

# By default, to save CPU, files scanned and found to be

# clean are inserted into the clean cache and NOT scanned

# again for a while.  If you don't like this then choose

# to disable it.

# (on|off) default = on.

scancleancache = on







# Smart, Raw and Meta/Title phrase content filtering options

# Smart is where the multiple spaces and HTML are removed before phrase filtering

# Raw is where the raw HTML including meta tags are phrase filtered

# Meta/Title is where only meta and title tags are phrase filtered (v. quick)

# CPU usage can be effectively halved by using setting 0 or 1 compared to 2

# 0 = raw only

# 1 = smart only

# 2 = both of the above (default)

# 3 = meta/title

phrasefiltermode = 2



# Lower casing options

# When a document is scanned the uppercase letters are converted to lower case

# in order to compare them with the phrases.  However this can break Big5 and

# other 16-bit texts.  If needed preserve the case.  As of version 2.7.0 accented

# characters are supported.

# 0 = force lower case (default)

# 1 = do not change case

# 2 = scan first in lower case, then in original case

preservecase = 0



# Note:

# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase

# filtering passes. If you have a large enough userbase for this to be a

# worry, and need to filter pages in exotic character encodings, it may be

# better to run two instances on separate servers: one with preservecase 1

# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one

# with preservecase 0 and ASCII/UTF-8 lists.







# Hex decoding options

# When a document is scanned it can optionally convert %XX to chars.

# If you find documents are getting past the phrase filtering due to encoding

# then enable.  However this can break Big5 and other 16-bit texts.

# off = disabled (default)

# on = enabled

hexdecodecontent = off







# Force Quick Search rather than DFA search algorithm

# The current DFA implementation is not totally 16-bit character compatible

# but is used by default as it handles large phrase lists much faster.

# If you wish to use a large number of 16-bit character phrases then

# enable this option.

# off (default) | on (Big5 compatible)

forcequicksearch = off







# Reverse lookups for banned site and URLs.

# If set to on, DansGuardian will look up the forward DNS for an IP URL

# address and search for both in the banned site and URL lists.  This would

# prevent a user from simply entering the IP for a banned address.

# It will reduce searching speed somewhat so unless you have a local caching

# DNS server, leave it off and use the Blanket IP Block option in the

# bannedsitelist file instead.

reverseaddresslookups = off







# Reverse lookups for banned and exception IP lists.

# If set to on, DansGuardian will look up the forward DNS for the IP

# of the connecting computer.  This means you can put in hostnames in

# the exceptioniplist and bannediplist.

# If a client computer is matched against an IP given in the lists, then the

# IP will be recorded in any log entries; if forward DNS is successful and a

# match occurs against a hostname, the hostname will be logged instead.

# It will reduce searching speed somewhat so unless you have a local DNS server, 

# leave it off.

reverseclientiplookups = off





# Perform reverse lookups on client IPs for successful requests.

# If set to on, DansGuardian will look up the forward DNS for the IP

# of the connecting computer, and log host names (where available) rather than

# IPs against requests.

# This is not dependent on reverseclientiplookups being enabled; however, if it

# is, enabling this option does not incur any additional forward DNS requests.

logclienthostnames = off





# Build bannedsitelist and bannedurllist cache files.

# This will compare the date stamp of the list file with the date stamp of

# the cache file and will recreate as needed.

# If a bsl or bul .processed file exists, then that will be used instead.

# It will increase process start speed by 300%.  On slow computers this will

# be significant.  Fast computers do not need this option. on | off

createlistcachefiles = on







# POST protection (web upload and forms)

# does not block forms without any file upload, i.e. this is just for

# blocking or limiting uploads

# measured in kibibytes after MIME encoding and header bumph

# use 0 for a complete block

# use higher (e.g. 512 = 512Kbytes) for limiting

# use -1 for no blocking

#maxuploadsize = 512

#maxuploadsize = 0

maxuploadsize = -1







# Max content filter size

# Sometimes web servers label binary files as text which can be very

# large which causes a huge drain on memory and cpu resources.

# To counter this, you can limit the size of the document to be

# filtered and get it to just pass it straight through.

# This setting also applies to content regular expression modification.

# The value must not be higher than maxcontentramcachescansize

# The size is in Kibibytes - eg 2048 = 2Mb

# use 0 to set it to maxcontentramcachescansize

maxcontentfiltersize = 256







# Max content ram cache scan size

# This is only used if you use a content scanner plugin such as AV

# This is the max size of file that DG will download and cache

# in RAM.  After this limit is reached it will cache to disk

# This value must be less than or equal to maxcontentfilecachescansize.

# The size is in Kibibytes - eg 10240 = 10Mb

# use 0 to set it to maxcontentfilecachescansize

# This option may be ignored by the configured download manager.

maxcontentramcachescansize = 2000







# Max content file cache scan size

# This is only used if you use a content scanner plugin such as AV

# This is the max size file that DG will download

# so that it can be scanned or virus checked.

# This value must be greater or equal to maxcontentramcachescansize.

# The size is in Kibibytes - eg 10240 = 10Mb

maxcontentfilecachescansize = 20000







# File cache dir

# Where DG will download files to be scanned if too large for the

# RAM cache.

filecachedir = '/tmp'







# Delete file cache after user completes download

# When a file gets save to temp it stays there until it is deleted.

# You can choose to have the file deleted when the user makes a sucessful

# download.  This will mean if they click on the link to download from

# the temp store a second time it will give a 404 error.

# You should configure something to delete old files in temp to stop it filling up.

# on|off (defaults to on)

deletedownloadedtempfiles = on







# Initial Trickle delay

# This is the number of seconds a browser connection is left waiting

# before first being sent *something* to keep it alive.  The

# *something* depends on the download manager chosen.

# Do not choose a value too low or normal web pages will be affected.

# A value between 20 and 110 would be sensible

# This may be ignored by the configured download manager.

initialtrickledelay = 20







# Trickle delay

# This is the number of seconds a browser connection is left waiting

# before being sent more *something* to keep it alive.  The

# *something* depends on the download manager chosen.

# This may be ignored by the configured download manager.

trickledelay = 10







# Download Managers

# These handle downloads of files to be filtered and scanned.

# They differ in the method they deal with large downloads.

# Files usually need to be downloaded 100% before they can be

# filtered and scanned before being sent on to the browser.

# Normally the browser can just wait, but with content scanning,

# for example to AV, the browser may timeout or the user may get

# confused so the download manager has to do some sort of

# 'keep alive'.

#

# There are various methods possible but not all are included.

# The author does not have the time to write them all so I have

# included a plugin systam.  Also, not all methods work with all

# browsers and clients.  Specifically some fancy methods don't

# work with software that downloads updates.  To solve this,

# each plugin can support a regular expression for matching

# the client's user-agent string, and lists of the mime types

# and extensions it should manage.

#

# Note that these are the matching methods provided by the base plugin

# code, and individual plugins may override or add to them.

# See the individual plugin conf files for supported options.

#

# The plugins are matched in the order you specify and the last

# one is forced to match as the default, regardless of user agent

# and other matching mechanisms.

#

downloadmanager = '/opt/etc/dansguardian/downloadmanagers/fancy.conf'

##!! Not compiled !! downloadmanager = '/opt/etc/dansguardian/downloadmanagers/trickle.conf'

downloadmanager = '/opt/etc/dansguardian/downloadmanagers/default.conf'







# Content Scanners (Also known as AV scanners)

# These are plugins that scan the content of all files your browser fetches

# for example to AV scan.  The options are limitless.  Eventually all of

# DansGuardian will be plugin based.  You can have more than one content

# scanner. The plugins are run in the order you specify.

# This is one of the few places you can have multiple options of the same name.

#

# Some of the scanner(s) require 3rd party software and libraries eg clamav.

# See the individual plugin conf file for more options (if any).

#

#!! Not compiled !! contentscanner = '/opt/etc/dansguardian/contentscanners/clamav.conf'

#!! Not compiled !! contentscanner = '/opt/etc/dansguardian/contentscanners/clamdscan.conf'

#!! Unimplemented !! contentscanner = '/opt/etc/dansguardian/contentscanners/kavav.conf'

#!! Not compiled !! contentscanner = '/opt/etc/dansguardian/contentscanners/kavdscan.conf'

#!! Not compiled !! contentscanner = '/opt/etc/dansguardian/contentscanners/icapscan.conf'

#!! Not compiled !! contentscanner = '/opt/etc/dansguardian/contentscanners/commandlinescan.conf'







# Content scanner timeout

# Some of the content scanners support using a timeout value to stop

# processing (eg AV scanning) the file if it takes too long.

# If supported this will be used.

# The default of 60 seconds is probably reasonable.

contentscannertimeout = 60







# Content scan exceptions

# If 'on' exception sites, urls, users etc will be scanned

# This is probably not desirable behavour as exceptions are

# supposed to be trusted and will increase load.

# Correct use of grey lists are a better idea.

# (on|off) default = off

contentscanexceptions = off







# Auth plugins

# These replace the usernameidmethod* options in previous versions. They

# handle the extraction of client usernames from various sources, such as

# Proxy-Authorisation headers and ident servers, enabling requests to be

# handled according to the settings of the user's filter group.

# Multiple plugins can be specified, and will be queried in order until one

# of them either finds a username or throws an error. For example, if Squid

# is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic'

# and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support

# NTLM can fall back to Basic without sacrificing access rights.

#

# If you do not use multiple filter groups, you need not specify this option.

#

#authplugin = '/opt/etc/dansguardian/authplugins/proxy-basic.conf'

#authplugin = '/opt/etc/dansguardian/authplugins/proxy-digest.conf'

#!! Not compiled !! authplugin = '/opt/etc/dansguardian/authplugins/proxy-ntlm.conf'

#authplugin = '/opt/etc/dansguardian/authplugins/ident.conf'

#authplugin = '/opt/etc/dansguardian/authplugins/ip.conf'







# Re-check replaced URLs

# As a matter of course, URLs undergo regular expression search/replace (urlregexplist)

# *after* checking the exception site/URL/regexpURL lists, but *before* checking against

# the banned site/URL lists, allowing certain requests that would be matched against the

# latter in their original state to effectively be converted into grey requests.

# With this option enabled, the exception site/URL/regexpURL lists are also re-checked

# after replacement, making it possible for URL replacement to trigger exceptions based

# on them.

# Defaults to off.

recheckreplacedurls = off







# Misc settings



# if on it adds an X-Forwarded-For:  to the HTTP request

# header.  This may help solve some problem sites that need to know the

# source ip. on | off

forwardedfor = off





# if on it uses the X-Forwarded-For:  to determine the client

# IP. This is for when you have squid between the clients and DansGuardian.

# Warning - headers are easily spoofed. on | off

u****forwardedfor = off





# if on it logs some debug info regarding fork()ing and accept()ing which

# can usually be ignored.  These are logged by syslog.  It is safe to leave

# it on or off

logconnectionhandlingerrors = on







# Fork pool options



# If on, this causes DG to write to the log file whenever child processes are

# created or destroyed (other than by crashes). This information can help in

# understanding and tuning the following parameters, but is not generally

# useful in production.

logchildprocesshandling = off



# sets the maximum number of processes to spawn to handle the incoming

# connections.  Max value usually 250 depending on OS.

# On large sites you might want to try 180.

maxchildren = 40





# sets the minimum number of processes to spawn to handle the incoming connections.

# On large sites you might want to try 32.

minchildren = 8





# sets the minimum number of processes to be kept ready to handle connections.

# On large sites you might want to try 8.

minsparechildren = 4





# sets the minimum number of processes to spawn when it runs out

# On large sites you might want to try 10.

preforkchildren = 6





# sets the maximum number of processes to have doing nothing.

# When this many are spare it will cull some of them.

# On large sites you might want to try 64.

maxsparechildren = 32





# sets the maximum age of a child process before it croaks it.

# This is the number of connections they handle before exiting.

# On large sites you might want to try 10000.

maxagechildren = 500





# Sets the maximum number client IP addresses allowed to connect at once.

# Use this to set a hard limit on the number of users allowed to concurrently

# browse the web. Set to 0 for no limit, and to disable the IP cache process.

maxips = 0







# Process options

# (Change these only if you really know what you are doing).

# These options allow you to run multiple instances of DansGuardian on a single machine.

# Remember to edit the log file path above also if that is your intention.



# IPC filename

# 

# Defines IPC server directory and filename used to communicate with the log process.

ipcfilename = '/tmp/.dguardianipc'



# URL list IPC filename

# 

# Defines URL list IPC server directory and filename used to communicate with the URL

# cache process.

urlipcfilename = '/tmp/.dguardianurlipc'



# IP list IPC filename

#

# Defines IP list IPC server directory and filename, for communicating with the client

# IP cache process.

ipipcfilename = '/tmp/.dguardianipipc'



# PID filename

# 

# Defines process id directory and filename.

#pidfilename = '/opt/var/run/dansguardian.pid'



# Disable daemoning

# If enabled the process will not fork into the background.

# It is not usually advantageous to do this.

# on|off (defaults to off)

nodaemon = off



# Disable logging process

# on|off (defaults to off)

nologger = off



# Enable logging of "ADs" category blocks

# on|off (defaults to off)

logadblocks = off



# Enable logging of client User-Agent

# Some browsers will cause a *lot* of extra information on each line!

# on|off (defaults to off)

loguseragent = off



# Daemon runas user and group

# This is the user that DansGuardian runs as.  Normally the user/group nobody.

# Uncomment to use.  Defaults to the user set at compile time.

# Temp files created during virus scanning are given owner and group read

# permissions; to use content scanners based on external processes, such as

# clamdscan, the two processes must run with either the same group or user ID.

daemonuser = 'root'

daemongroup = 'root'



# Soft restart

# When on this disables the forced killing off all processes in the process group.

# This is not to be confused with the -g run time option - they are not related.

# on|off (defaults to off)

softrestart = off



# Mail program

# Path (sendmail-compatible) email program, with options.

# Not used if usesmtp is disabled (filtergroup specific).

#!! Not compiled !!mailer = '/usr/sbin/sendmail -t'

/opt/etc/init.d/S24dansguardian start

PROXY_PORT=9090

LAN_IP='nvram get lan_ipaddr'

iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443,8080 ! -d $LAN_IP -j DNAT --to-destination $LAN_IP:$PROXY_PORT

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8118

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8118

iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.2 -j MARK --set-mark 10

iptables -t mangle -A POSTROUTING -s 192.168.1.1 -d 192.168.1.2 -j MARK --set-mark 10

iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443,8080 ! -d 192.168.1.1 -j DNAT --to-destination 192.168.1.1:8118

2012-08-02 16:03:27.396 2aab0310 Info: Privoxy version 3.0.19

2012-08-02 16:03:27.397 2aab0310 Info: Program name: privoxy

2012-08-02 16:05:26.200 2aab0310 Info: exiting by signal 15 .. bye

2012-08-02 16:05:27.337 2aab0310 Info: Privoxy version 3.0.19

2012-08-02 16:05:27.338 2aab0310 Info: Program name: privoxy

2012-08-02 16:05:27.338 2aab0310 Info: Loading filter file: /opt/etc/privoxy/default.filter

2012-08-02 16:05:27.386 2aab0310 Info: Loading filter file: /opt/etc/privoxy/adblock.script.filter

2012-08-02 16:05:27.386 2aab0310 Error: Adding re_filter job '*[src[/&:?=_]="http://go\.arbopl\.bbelements\.com/logos/"]' to filter adblock failed with error -101.

2012-08-02 16:05:27.387 2aab0310 Info: Loading filter file: /opt/etc/privoxy/adblock-pxf-polish.script.filter

2012-08-02 16:05:27.387 2aab0310 Error: Adding re_filter job 'div[id*="reklam"],div[class="reklam"]' to filter adblock-pxf-polish failed with error 2.

2012-08-02 16:05:27.389 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylist.script.filter

2012-08-02 16:05:33.207 2aab0310 Error: Adding re_filter job 's|.*||g' to filter easylist failed with error 68.

2012-08-02 16:05:34.814 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylistgermany.script.filter

2012-08-02 16:05:34.843 2aab0310 Error: Adding re_filter job 'input[onclick[/&:?=_]="window\.open('http://www\.firstload\.de/affiliate/"]' to filter easylistgermany failed with error -101.

2012-08-02 16:05:34.843 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easyprivacy.script.filter

2012-08-02 16:05:34.844 2aab0310 Info: Loading filter file: /opt/etc/privoxy/fanboy-adblock.script.filter

2012-08-02 16:05:34.849 2aab0310 Error: Adding re_filter job 's|onclick[/&:?=_]="window\.open('http://adultfriendfinder\.com/search/">||g' to filter fanboy-adblock failed with error 70.

2012-08-02 16:05:51.818 2aab0310 Error: Adding re_filter job 'A[href[/&:?=_]="http://secure\.hostgator\.com/~affiliat/"]' to filter fanboy-adblock failed with error -101.

2012-08-02 16:05:51.822 2aab0310 Error: Adding re_filter job 'A[href[/&:?=_]="http://www\.dreamhost\.com/r\.cgi?"]' to filter fanboy-adblock failed with error -101.

2012-08-02 16:05:51.830 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="ava_"][style="text-align:center;"]' to filter fanboy-adblock failed with error 2.

2012-08-02 16:05:51.854 2aab0310 Error: Adding re_filter job 'a\.ad_policy' to filter fanboy-adblock failed with error -101.

2012-08-02 16:05:51.922 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="div-gpt-ad-"]' to filter fanboy-adblock failed with error 2.

2012-08-02 16:05:51.926 2aab0310 Error: Adding re_filter job 'iframe[src[/&:?=_]="http://ad\.yieldmanager\.com/"]' to filter fanboy-adblock failed with error -101.

2012-08-02 16:05:51.927 2aab0310 Info: Loading actions file: /opt/etc/privoxy/match-all.action

2012-08-02 16:05:51.928 2aab0310 Info: Loading actions file: /opt/etc/privoxy/default.action

2012-08-02 16:05:52.014 2aab0310 Info: Loading actions file: /opt/etc/privoxy/user.action

2012-08-02 16:05:52.021 2aab0310 Info: Loading actions file: /opt/etc/privoxy/adblock.script.action

2012-08-02 16:05:52.038 2aab0310 Info: Loading actions file: /opt/etc/privoxy/adblock-pxf-polish.script.action

2012-08-02 16:05:52.051 2aab0310 Info: Loading actions file: /opt/etc/privoxy/easylist.script.action

2012-08-02 16:05:52.477 2aab0310 Info: Loading actions file: /opt/etc/privoxy/easylistgermany.script.action

2012-08-02 16:05:52.631 2aab0310 Info: Loading actions file: /opt/etc/privoxy/easyprivacy.script.action

2012-08-02 16:05:52.829 2aab0310 Info: Loading actions file: /opt/etc/privoxy/fanboy-adblock.script.action

2012-08-02 16:05:53.154 2aab0310 Info: Listening on port 8118 on IP address 192.168.1.1

2012-08-02 16:09:48.135 2e45c690 Error: write to client failed: Operation now in progress

2012-08-02 00:00:16.924 2aab0310 Info: exiting by signal 15 .. bye

2012-08-02 00:00:18.144 2aab0310 Info: Privoxy version 3.0.19

2012-08-02 00:00:18.145 2aab0310 Info: Program name: privoxy

2012-08-02 00:00:18.145 2aab0310 Info: Loading filter file: /opt/etc/privoxy/default.filter

2012-08-02 00:00:18.169 2aab0310 Info: Loading filter file: /opt/etc/privoxy/adblock.script.filter

2012-08-02 00:00:18.169 2aab0310 Error: Adding re_filter job '*[src[/&:?=_]="http://go\.arbopl\.bbelements\.com/logos/"]' to filter adblock failed with error -101.

2012-08-02 00:00:18.170 2aab0310 Info: Loading filter file: /opt/etc/privoxy/adblock-pxf-polish.script.filter

2012-08-02 00:00:18.170 2aab0310 Error: Adding re_filter job 'div[id*="reklam"],div[class="reklam"]' to filter adblock-pxf-polish failed with error 2.

2012-08-02 00:00:18.171 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylist.script.filter

2012-08-02 00:00:23.102 2aab0310 Error: Adding re_filter job 's|.*||g' to filter easylist failed with error 68.

2012-08-02 00:00:24.358 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylistgermany.script.filter

2012-08-02 00:00:24.377 2aab0310 Error: Adding re_filter job 'input[onclick[/&:?=_]="window\.open('http://www\.firstload\.de/affiliate/"]' to filter easylistgermany failed with error -101.

2012-08-02 00:00:24.377 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easyprivacy.script.filter

2012-08-02 00:00:24.377 2aab0310 Info: Loading filter file: /opt/etc/privoxy/fanboy-adblock.script.filter

2012-08-02 00:00:24.380 2aab0310 Error: Adding re_filter job 's|onclick[/&:?=_]="window\.open('http://adultfriendfinder\.com/search/">||g' to filter fanboy-adblock failed with error 70.

2012-08-02 00:00:37.380 2aab0310 Error: Adding re_filter job 'A[href[/&:?=_]="http://secure\.hostgator\.com/~affiliat/"]' to filter fanboy-adblock failed with error -101.

2012-08-02 00:00:37.383 2aab0310 Error: Adding re_filter job 'A[href[/&:?=_]="http://www\.dreamhost\.com/r\.cgi?"]' to filter fanboy-adblock failed with error -101.

2012-08-02 00:00:37.390 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="ava_"][style="text-align:center;"]' to filter fanboy-adblock failed with error 2.

2012-08-02 00:00:37.409 2aab0310 Error: Adding re_filter job 'a\.ad_policy' to filter fanboy-adblock failed with error -101.

2012-08-02 00:00:37.465 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="div-gpt-ad-"]' to filter fanboy-adblock failed with error 2.

2012-08-02 00:00:37.468 2aab0310 Error: Adding re_filter job 'iframe[src[/&:?=_]="http://ad\.yieldmanager\.com/"]' to filter fanboy-adblock failed with error -101.

2012-08-02 00:00:37.468 2aab0310 Info: Loading actions file: /opt/etc/privoxy/match-all.action

2012-08-02 00:00:37.469 2aab0310 Info: Loading actions file: /opt/etc/privoxy/default.action

2012-08-02 00:00:37.509 2aab0310 Info: Loading actions file: /opt/etc/privoxy/user.action

2012-08-02 00:00:37.512 2aab0310 Info: Loading actions file: /opt/etc/privoxy/adblock.script.action

2012-08-02 00:00:37.520 2aab0310 Info: Loading actions file: /opt/etc/privoxy/adblock-pxf-polish.script.action

2012-08-02 00:00:37.526 2aab0310 Info: Loading actions file: /opt/etc/privoxy/easylist.script.action

2012-08-02 00:00:37.748 2aab0310 Info: Loading actions file: /opt/etc/privoxy/easylistgermany.script.action

2012-08-02 00:00:37.827 2aab0310 Info: Loading actions file: /opt/etc/privoxy/easyprivacy.script.action

2012-08-02 00:00:37.933 2aab0310 Info: Loading actions file: /opt/etc/privoxy/fanboy-adblock.script.action

2012-08-02 00:00:38.108 2aab0310 Info: Listening on port 8118 on IP address 192.168.0.100

ps|grep -v grep|grep "privoxy /opt/etc/privoxy/config"|wc -l