Squid redirector

Written in vi editor

A Squid proxy server redirector replaces certain URLs with others. It can therefore be used as an ad-blocker. Speeding up page load speeds and reduce tracking. Here a list of Squid Related Redirectors Software.

Squid redirector with RBL support

This redirector matches URLs against entries in a file. It can match against the beginning of an URL, the end of an URL and a substring of an URL.
It can also lookup host-names and IP addresses in DNS-based blacklists or RBLs.
Keep in mind that this will lead to false positives. Often there are many websites sharing the same IP address(es). Blacklisting a single IP address will block access to all of those sites. Including those which are not malicious.

Files

/etc/sredir/

Directory for conf files.

/etc/sredir/sredir.conf

debug
Optional. 'debug on' will enable debugging.
redirurl
You need this. The redirurl is the URL the redirector redirects to. Usually a link to a small transparent GIF. E.G.;
redirurl http://www.example.org/images/transparant.gif
This won't work for HTTPS: The browser will complain. The site still gets blocked though.
dnsbl
Optional. Syntax;
dnsbl mode name
E.G.;
dnsbl 4 blacklist.example.net
You can use multiple blacklists.
dnsbl mode

This is a OR of;

1Check host-name
2If alias, check CNAME
4Check IP address(es)
8Log TXT record

/etc/sredir/sredir.deny

List of URLs not to fetch.
Syntax;

Grep This program 
 ^Foobar  Foobar
 Foobar$  *Foobar
 .*Foobar.*  *Foobar*
Examples
http://ad.doubleclick.net/  Matches any URL that begins with 'http://ad.doubleclick.net/'.
ad.doubleclick.net The same for HTTPS.
*count.gif Matches any URL that ends in 'count.gif'.
*doubleclick* Matches any URL that contains 'doubleclick'.
Remarks

/var/local/log/squid/

Directory for log files. The directory has to be writable by the Squid process owner.

/var/local/log/squid/sredir.log

Format;
epoch.ms pid blocked_host_or_ip blacklist A lookup TXT

epoch
Number seconds since the 1st of January 1970 00:00:00 UTC.
ms
Milli seconds.
pid
Process ID of redirector. Squid may spawn several. This way you can tell their log entries apart.
blocked_host_or_ip
Host-name or IP address of blocked website.
blacklist
The blacklist that blocked it.
A
RBLs return an IP address just above 127.0.0.1. E.G.: 127.0.0.2.
lookup
The actual lookup that resulted in the above IP address.
TXT
TXT record for the same lookup. Usually a link to a web-page explaining why this IP address is blacklisted.

Lookup examples;

HostLookup
 www.example.org  www.example.org.blacklist.example.net
 192.168.2.1  1.2.168.192.blacklist.example.net
 2001:db8:2::1  1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.8.b.d.0.1.0.0.2.blacklist.example.net 

Before log-file rotation you need to reload Squid. This will kill the redirectors.

Download

rblsredir.c
For TXT look-ups to work you need to remove the comments around '#define RSD_TXT_LKP 1'. If you do this you need to compile with -lresolv;
cc -O2 -Wall -lresolv -o rblsredir rblsredir.c
The maximum number of RBLs is eight. If you want more you need to increase the number next to '#define RSD_MAXLISTS'.

Convert Spamhaus blacklists into zone files

The Spamhaus DROP (Don't Route Or Peer) list consists of a number of files in network/netmask format. They are ment to be part of a firewall. You can however, convert them in a blacklist zone file instead.
The stuff below does this for you;

get-dnsbl.sh
Script that does most of the work. Edit to suit your needs.
local-rbl-head
Header for zone file. Edit to suit your needs.
procdrop.c
Program that generates the zone file entries.
The '-t' option adds TXT records.

You can add your own extries if you want.
E.G.;

malice.example.com	IN	A	127.0.0.2

Search