The Ultimate Web-Browsing Machine: RHEL/Centos/Fedora Linux with Squid and Privoxy

Includes a working sample Privoxy user.action file

By Frank Cox

(September 16, 2007)


The original version of this article was written on September 15, 2007.

It was updated on September 16, 2007. Changes are: (1) a later version of the squid.conf file (SQUID 2.6.STABLE13); (2) added “no-digest” to the cache_peer line (not having it doesn't seem to hurt anything but it creates some error messages in the Squid cache log so it's neater to include “no-digest”); (3) added a description of how to bypass the proxy from Firefox for badly-behaved web pages.

July 25, 2010 update: Added RHEL and Centos to the article heading. Add information about how to avoid “an error occurred” message with youtube videos. Change reference from All-in-One Gestures extension to FireGestures extension. Change reference from CustomizeGoogle extension to OptimizeGoogle extension.


For the past several years, my Internet web browsing experience has been very nearly completely advertising and distraction-free. When I go to a website I am interested in reading the content or viewing the photos that I came to see. I don't need jumping animated monkeys and flashing “BUY ME” junk all over my screen. Just the content for me, thanks, without the distractions.

Not downloading the advertising and other unnecessary content also speeds up my web-browsing experience. I don't have to wait so long for a page to load because there is actually less data to download when displaying a web page. The bandwidth saving aspect isn't much of a concern if you have a high-speed unlimited bandwidth Internet service, but if you are on a slow Internet connection or pay by the byte for your Internet service, this can make a big difference in the speed of your activity and save you some significant dollars every month as well.

In addition, many adservers are overloaded – you can imagine how much traffic a busy adserver could be trying to handle. Your web browser stops and waits for connections to those adservers, of course, and that can also slow things down considerably. Skipping over the ads prevents this from happening as your computer doesn't ever try to connect to the adservers. No connection attempt equals no wait while that attempt is being made (or in this case, not being made).

When you read a newspaper or a magazine, you have no choice but to view and either read or try to ignore the ads. They are pre-printed on the pages that you are viewing, there isn't much you can do about it. Computer screens, on the other hand, are infinitely malleable and you can easily select or modify the data that's coming in to your computer and display it using a method of your own choosing. You do not generally have to view the content of a web page with advertising or other unwanted content unless you really want to.

There are three things that all work together when creating the Ultimate Web-Browsing Machine. Those components are Squid (a web proxy cache), Privoxy (another web proxy that can filter out advertising and other unwanted content on web pages), and four Firefox extensions (FireGestures, OptimizeGoogle, Image Zoom and NoScript).

This article will describe how to set up each of these components so you can have the Ultimate Web-Browsing Machine on your desk.

These instructions are written for Fedora Linux, Red Hat Enterprise Linux, and Centos. It is, in fact, a description of how my Centos 5 desktop computers are set up right now. Setting this up on any other Linux distribution is (or should be) a very similar process.

THEORY OF OPERATION

The Ultimate Web-Browsing Machine works by having your web browser (Firefox) talk to Squid, which in turn talks to Privoxy. Privoxy handles all interaction with the outside world. The Firefox extensions listed in the previous section handle browser-level security and add some features that Firefox doesn't provide in its default state.

THE SQUID PROXY CACHE

The first component to set up is the Squid proxy. Install it with this command:

yum install squid

The default Squid configuration file looks quite complex. Luckily, there are very few changes that need to be made for it to work in our Ultimate Web-Browsing Machine.

Edit /etc/squid/squid.conf so the relevant lines in the file look like this:

# Define Privoxy as parent proxy (without ICP) 
cache_peer 127.0.0.1 parent 8118 7 no-query no-digest
# Define ACL for protocol FTP 
acl ftp proto FTP 
# Do not forward FTP requests to Privoxy
always_direct allow ftp 
# Forward all the rest to Privoxy
never_direct allow all

Click here to download my squid.conf file – you can just copy this file into /etc/squid if you wish to avoid having to edit the file yourself.
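
To confirm that the edited file really forces everything except FTP through Privoxy, the following added example (not part of the original article) audits a squid.conf for the directives shown above. The function name check_chain and the sample file are constructed for illustration; the Privoxy address 127.0.0.1:8118 is taken from the cache_peer line.

```shell
#!/bin/sh
# Added example (not from the article): audit squid.conf for the
# Squid -> Privoxy chain. Assumes Privoxy listens on 127.0.0.1:8118.

# check_chain FILE: print findings; return 0 only if the chain is enforced.
check_chain() {
    rc=0
    # Active directives only: strip comments, squeeze whitespace, drop blanks.
    active=$(sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
                 -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1")

    # Privoxy must be configured as the parent proxy.
    if ! printf '%s\n' "$active" |
            grep -Eq '^cache_peer (127\.0\.0\.1|localhost) parent 8118 '; then
        echo "FAIL: no cache_peer parent at 127.0.0.1:8118"
        rc=1
    fi

    # Without this, Squid may fetch a page itself (unfiltered) when the
    # parent is unreachable.
    if ! printf '%s\n' "$active" | grep -qx 'never_direct allow all'; then
        echo "FAIL: 'never_direct allow all' missing"
        rc=1
    fi

    # Every always_direct rule is a deliberate hole in the filter; list them.
    printf '%s\n' "$active" | grep '^always_direct allow ' |
        while read -r directive action acl; do
            echo "NOTE: ACL '$acl' goes direct, bypassing Privoxy"
        done
    return $rc
}

# Constructed sample: the article's lines with never_direct left out.
sample=$(mktemp)
printf '%s\n' \
    'cache_peer 127.0.0.1 parent 8118 7 no-query no-digest' \
    'acl ftp proto FTP' \
    'always_direct allow ftp' > "$sample"
check_chain "$sample" || echo "chain NOT enforced in sample"
rm -f "$sample"
```

On a real system, call check_chain /etc/squid/squid.conf after editing; the only output for the configuration in this article should be the NOTE about the ftp ACL.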

Now set up the Squid swap directories with this command:

/usr/sbin/squid -z

Start the Squid web proxy service by typing this command:

/sbin/service squid start

You should add Squid to your services so it will automatically start when you boot up your computer. Just click on the Fedora main menu – System – Administration – Services and put a checkmark beside the entry for Squid.

PRIVOXY FILTERING WEB PROXY

Install the Privoxy filtering web proxy with this command:

yum install privoxy

There are no changes that need to be made in the main Privoxy configuration file (/etc/privoxy/config) that you get from the Fedora repository. However, you can click here to download my /etc/privoxy/config file if you would like to compare it to your own.

The main filtering feature of Privoxy is governed by /etc/privoxy/user.action. However, the user.action file that is distributed with Privoxy does pretty much nothing so you have to write your own if you want to actually get rid of the advertising and other web junk.

Click here to download my user.action file. (This user.action file will be updated periodically as I update or change the user.action file that I use on my own computer.)

Now start Privoxy with:

/sbin/service privoxy start

You should add Privoxy to your services so it will automatically start when you boot up your computer. Just click on the Fedora main menu – System – Administration – Services and put a checkmark beside the entry for Privoxy.

Note that you can re-write your user.action file at any time to add or remove any configuration options. Privoxy doesn't have to be re-started after making a change to user.action – it will start using the modified file immediately.

The easiest way to edit /etc/privoxy/user.action (and view statistics about Privoxy) is to type this into your web browser:

http://p.p

(This won't work until you have set up Firefox network connection settings as described in the next section.)

FIREFOX SETUP

Network Connection Settings

You must tell Firefox to talk to Squid instead of directly to your actual Internet connection. Remember, Firefox talks to Squid, Squid talks to Privoxy, and Privoxy talks to the big wide outside world.

On Firefox 2.0 you select Edit – Preferences – Advanced – Network – Settings and select Manual Proxy Configuration. Put “127.0.0.1” in the HTTP proxy box, and “3128” (without the quotation marks) in the Port box. Put a checkmark in “use this proxy server for all protocols”, and put the word “localhost” (without the quotation marks) in the “No Proxy for:” box.

Click OK when done.

There are four Firefox extensions to set up. I will describe each of them separately.

FireGestures Firefox extension

FireGestures is a Firefox extension that allows you to use your mouse to navigate between web pages. For example, if you hold the right mouse button down and move to the left, you go back one page. This way you don't have to move to the top of the screen and click on the “Back” button. Mouse gesture browsing was invented by Opera for their Opera Web Browser, but FireGestures provides the same functionality for Firefox users. After using it for a few minutes, you will wonder how you ever got along without mouse gestures.

Click here to download FireGestures.

OptimizeGoogle Firefox extension

OptimizeGoogle is a very clever Firefox extension that adds links to other search engines (like Yahoo and MSN) to Google search pages, and removes ads and spam.

Click here to download OptimizeGoogle.

After installing OptimizeGoogle, you will want to go through the menu options under Tools – OptimizeGoogle Options to set it up the way that you want it to work.

Image Zoom Firefox extension

Image Zoom allows you to resize images in Firefox. For example, I use it to zoom up the size of some daily newspaper comic strips to make the dialog more readable. After installing Image Zoom, just right-click on the image and select the size that you want to view it at.

Click here to download Image Zoom.

NoScript Firefox extension

NoScript blocks Javascript, Java and Flash on all web pages unless you specifically allow them. This prevents a lot of crap from happening when you are browsing random web pages.

Click here to download NoScript.

After installing NoScript you will want to click on the NoScript icon in the bottom right-hand side and select Options – Plugins, then put a checkmark in each of the following items: “Forbid Java”, “Forbid Macromedia Flash”, “Forbid Microsoft Silverlight”, and “Show placeholder icon”.

Cookies

It seems that every website on the planet wants to send you a cookie of some kind. Most websites still work fine if you block the cookies that they try to send you. You can tell Firefox to block all cookies by default by selecting Edit – Preferences – Privacy and removing the checkmark from “Accept cookies from sites”.

FINE-TUNING

NoScript tuning

There are some websites that are unusable without allowing Javascript, Java, or Flash. You can enable those websites individually by clicking on the NoScript icon in the bottom right-hand side to enable or disable websites as needed.

Cookie acceptance policy

There are some websites that are unusable or inconvenient to use without allowing them to set a cookie or cookies. The easiest way to deal with these websites is to select Edit – Preferences – Privacy, then put a checkmark in “Accept cookies from sites” and select “Keep until: Ask me every time”. Then browse the website in question and tell Firefox to block or accept each individual cookie as it is sent to you.

Don't forget to go back to Edit – Preferences – Privacy and remove the checkmark from “Accept cookies from sites” when you have finished.

“An Error Occurred, please try again later” on youtube.com: If you try to play youtube videos and get this error message instead of the video, go to Edit – Preferences – Privacy and click on the Exceptions button, then add youtube.com (note no www) to the list as “Allow for Session”.

Bypassing the proxy

You may, on very rare occasions, find a web page that simply doesn't work when you attempt to load it through Privoxy and Squid.

There is a Privoxy setting to tell Privoxy to not attempt to do anything with the input from a particular website. However, the simplest way to deal with these sites is to just tell Firefox to bypass the proxy when loading that web page. Select Edit – Preferences – Advanced – Network – Settings and put the name of the website in the “No Proxy for:” box. You can separate multiple names with a comma. For example, your list in the “No Proxy for:” box might look like this: “localhost, www.melvilletheatre.com, www.example.com”.

Desktop network proxy

You can take advantage of the Squid cache with desktop applications (including such things as Gnome panel applets) by configuring a desktop network proxy. This is easily done by clicking on the Fedora main menu – System – Preferences – Internet and Network – Network Proxy. Under “Proxy Configuration” put a checkmark into “Manual proxy configuration” and “Use the same proxy for all protocols”. Put 127.0.0.1 in the “HTTP proxy:” box and 3128 in the “Port” box. Under “Advanced Configuration”, enter “localhost” and “127.0.0.0/8” (without the quotation marks) in the “Ignore Host List”.

FINAL SETUP

It will probably take you a day or two to get everything set up the way that you want it. You will have to discover what websites require Javascript, Java, Flash and cookies and get them onto your list of allowed sites. It won't take very long before you have your own customized list of websites to allow these things, and you will have everything else blocked by default. For example, I don't think I have more than about 20 cookies in my Firefox configuration and maybe another 20 or so websites whitelisted with NoScript.

Setting your web browser up this way will be slightly inconvenient for a short period of time because you will have to get your cookie and NoScript whitelists customized for your web browsing habits. However, the initial pain is worth it and it doesn't last very long. Really!

I have been using techniques similar to those described in this article for long enough that I am always mildly surprised when I see someone else browsing websites on a computer that isn't set up this way. It's easy to forget just how many animated ads and flashing lights appear on the average web page when you never see it.



Other articles written by Frank Cox can be found here.

Frank Cox owns and operates the Melville Theatre in Melville, Saskatchewan, Canada, and has been playing with computers for about 30 years.

September 16, 2007


This work is licensed under a Creative Commons Attribution-Share Alike 2.5 Canada License.