Install Privoxy on Raspberry PI for Kid Safe Browsing
With smart devices becoming familiar also to very young people, kids are going to be more and more exposed to web contents. Unfortunately, web also become populated from people with rather questionable purposes.
This means that controlling home devices and defending it from accessing dangerous sites is a must for parents all over the world.
An addictional desiderable service is also protecting kids from unwanted advertisement which can include paid services.
With this in mind, Raspberry PI offers a fantastic opportunity because it can provide powerful proxying services with filtering capabilities.
In this tutorial, I’m going to show you how to setup Privoxy in a very cheap Raspberry PI Zero W board. This guide will work also with newer Raspberry PI boards with same steps.
What is Privoxy
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk.Can be used both for single device protection (by installing it on device you want to protect) and newtork protection (by configuring network devices to use privoxy server as proxy).
Privoxy is Free Software and licensed under the GNU GPLv2.
According to Privoxy introduction page, in addition the core features (ad blocking and cookie management), it provides many advanced features:
- Supports “Connection: keep-alive”. Outgoing connections can be kept alive independently from the client.
- Supports IPv6, provided the operating system does so too, and the configure script detects it.
- Supports tagging which allows to change the behaviour based on client and server headers.
- Can be run as an “intercepting” proxy, which obviates the need to configure browsers individually.
- Sophisticated actions and filters for manipulating both server and client headers.
- Can be chained with other proxies.
- Integrated browser-based configuration and control utility at http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based tracing of rule and filter effects. Remote toggling.
- Web page filtering (text replacements, removes banners based on size, invisible “web-bugs” and HTML annoyances, etc.)
- Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions files won’t overwrite individual user settings.
- Support for Perl Compatible Regular Expressions in the configuration files, and a more sophisticated and flexible configuration syntax.
- GIF de-animation.
- Bypass many click-tracking scripts (avoids script redirection).
- User-customizable HTML templates for most proxy-generated pages (e.g. “blocked” page).
- Auto-detection and re-reading of config file changes.
- Most features are controllable on a per-site or per-location basis.
- Many smaller new features added, limitations and bugs removed.
What We Need
As usual, I suggest adding from now to your favourite e-commerce shopping cart all needed hardware, so that at the end you will be able to evaluate overall costs and decide if continue with the project or remove them from the shopping cart. So, hardware will be only:
- Raspberry PI Zero W (including proper power supply or using a smartphone micro usb charger with at least 3A) or newer Raspberry PI Board
- high speed micro SD card (at least 16 GB, at least class 10)
Check hardware prices with following links:
Step-by-Step Procedure
Prepare Operating System
Start preparing your environment by installing Raspberry PI OS Lite. This procedure will however work also with Raspberry PI OS Desktop, but providing less performances (because of resources load required to run desktop environment).
Make your OS up to date. From Raspberry PI terminal:
sudo apt update sudo apt upgrade
Install Privoxy
Raspberry PI OS has debian under its hood. Aptitude package manager strongly simplify Privoxy installation. From terminal:
sudo apt install privoxy
Privoxy installation will include also a settings folder available in /etc/privoxy/.
To use a very basic protection, edit privoxy configuration to set which PI port will be used for client incoming connections:
sudo nano /etc/privoxy/config
Identify “listen-address 127.0.0.1:8118” row and change it with your Raspberry PI IP address, followed by “:8118”. In my case, my RPI IS is 192.168.1.78, so my configuration will be
listen-address 192.168.1.78:8118
Close and save file. Restart privoxy service:
sudo systemctl restart privoxy.service
Configure Browser Proxy Settings
This section vary depending on used browser. So, you may be required to check you browser docs if you don’t know how to setup proxy configs.
With Mozilla Firefox, for example, go to Settings -> General Tab -> Network Settings section -> (use button “Settings”). In next screen, configure the following parameters:
- 1. Set “Manual proxy configuration” option
- 2. use your Raspberry PI IP address for “HTTP Proxy” parameter
- 3. use “8118” in port parameter
- 4. Set “Also use this proxy for FTP and HTTP” to extend Privoxy usage also with different internet protocols

You can also apply proxy system-wide (for all browsers). Also this depends on your device. For windows computers, go to Internet Options -> Connections tab -> (use button LAN Settings).
Mark “Use a proxy server for your LAN (…)” option and use Raspberry PI IP address for “Address” field and “8118” for port field. Then click “Ok” button.
From here, you can start navigating safely with default Privoxy shields.
Addictional Useful Configurations
Config File
As said, the main configuration file is “/etc/privoxy/config”.
In this file, configuration lines consist of an initial keyword followed by its value(s), all separated by whitespace. For example:
confdir /etc/privoxy
Sets “confdir” parameter to “/etc/privoxy” value.
Excluding confdir and logdir, all other parameters are optional (with the meaning that they use their default if not explicity set). The main config file controls Privoxy’s service operations that are not location dependent (no matter where you may be surfing).
Action FIle
The actions files are used to define Privoxy tasks executed against URLs, Some examples can be images and http content handling both in general dropped URLs and specifically sexplicited URLs.
Combining actions will result in complex and advanced effects against a given URLs set.
Filter File
Privoxy filters give options to manipulate page parts before entering under Action rules. Common tasks for content filters are eliminating common annoyances in HTML and JavaScript (like pop-up windows, exit consoles and crippled windows without navigation tools).
Multiple filter files can be defined through the filterfile config directive. The filters as supplied by the developers are located in default.filter. It is recommended that any locally defined or modified filters go in a separately defined file such as user.filter.
Substitutions are made at the source level, so if you want to “roll your own” filters, you should first be familiar with HTML syntax, and, of course, regular expressions.
Filter definitions start with a header line that contains the filter type, the filter name and the filter description. A content filter header line for a filter called “foo” could look like this:
FILTER: foo Replace all "foo" with "bar"
Below that line, and up to the next header line, come the jobs that define what text replacements the filter executes. They are specified in a syntax that imitates Perl’s s/// operator. If you are familiar with Perl, you will find this to be quite intuitive, and may want to look at the PCRS documentation for the subtle differences to Perl behaviour.
Working With Other Proxies (parent proxy)
This can be done and is often useful to combine the benefits of Privoxy with those of a another proxy. To do this, you need understand your proxy chain and setup parts accordingly.
An example can be using Squid (which listens, by default, on 3128 port). In this case, proxy chain will be the following:

In this example, Privoxy needs to be configured to forward its http requests to Squid host proxy on port 3128. Supposing squid running on same device, Privoxy will forward to port 3128 on same host (127.0.0.1) and its config file will be set with following parameter:
forward / 127.0.0.1:3128
If you want to use Privoxy with TOR (The Onion Routers) to improve anonimity, you need to consider that TOR implements a socks5 proxy and uses 9050 port by default. In this scenario, proxy chain will be:

This time, Privoxy needs to know that its follower in chain is a socks5 proxy which listens on 9050 port. Again, supposing that TOR is running on same host, Privoxy config file will be configured including following line (including last dot):
forward-socks5t / 127.0.0.1:9050 .
Enjoy!