Install Privoxy on Raspberry PI for Kid Safe Browsing

Posted on by
4.7
(3)

With smart devices becoming familiar also to very young people, kids are going to be more and more exposed to web contents. Unfortunately, web also become populated from people with rather questionable purposes.

This means that controlling home devices and defending it from accessing dangerous sites is a must for parents all over the world.

An addictional desiderable service is also protecting kids from unwanted advertisement which can include paid services.

Raspberry PI Zero W unpopulated

With this in mind, Raspberry PI offers a fantastic opportunity because it can provide powerful proxying services with filtering capabilities.

In this tutorial, I’m going to show you how to setup Privoxy in a very cheap Raspberry PI Zero W board. This guide will work also with newer Raspberry PI boards with same steps.

What is Privoxy

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk.Can be used both for single device protection (by installing it on device you want to protect) and newtork protection (by configuring network devices to use privoxy server as proxy).

Privoxy is Free Software and licensed under the GNU GPLv2.

According to Privoxy introduction page, in addition the core features (ad blocking and cookie management), it provides many advanced features:

  • Supports “Connection: keep-alive”. Outgoing connections can be kept alive independently from the client.
  • Supports IPv6, provided the operating system does so too, and the configure script detects it.
  • Supports tagging which allows to change the behaviour based on client and server headers.
  • Can be run as an “intercepting” proxy, which obviates the need to configure browsers individually.
  • Sophisticated actions and filters for manipulating both server and client headers.
  • Can be chained with other proxies.
  • Integrated browser-based configuration and control utility at http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based tracing of rule and filter effects. Remote toggling.
  • Web page filtering (text replacements, removes banners based on size, invisible “web-bugs” and HTML annoyances, etc.)
  • Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions files won’t overwrite individual user settings.
  • Support for Perl Compatible Regular Expressions in the configuration files, and a more sophisticated and flexible configuration syntax.
  • GIF de-animation.
  • Bypass many click-tracking scripts (avoids script redirection).
  • User-customizable HTML templates for most proxy-generated pages (e.g. “blocked” page).
  • Auto-detection and re-reading of config file changes.
  • Most features are controllable on a per-site or per-location basis.
  • Many smaller new features added, limitations and bugs removed.

What We Need

As usual, I suggest adding from now to your favourite e-commerce shopping cart all needed hardware, so that at the end you will be able to evaluate overall costs and decide if continue with the project or remove them from the shopping cart. So, hardware will be only:

Check hardware prices with following links:

Amazon raspberry pi boards box
Amazon raspberry pi Zero W box
Amazon Micro SD box
Amazon Raspberry PI Power Supply box

Step-by-Step Procedure

Prepare Operating System

Start preparing your environment by installing Raspberry PI OS Lite. This procedure will however work also with Raspberry PI OS Desktop, but providing less performances (because of resources load required to run desktop environment).

Make your OS up to date. From Raspberry PI terminal:

sudo apt update
sudo apt upgrade

Install Privoxy

Raspberry PI OS has debian under its hood. Aptitude package manager strongly simplify Privoxy installation. From terminal:

sudo apt install privoxy

Privoxy installation will include also a settings folder available in /etc/privoxy/.

To use a very basic protection, edit privoxy configuration to set which PI port will be used for client incoming connections:

sudo nano /etc/privoxy/config

Identify “listen-address 127.0.0.1:8118” row and change it with your Raspberry PI IP address, followed by “:8118”. In my case, my RPI IS is 192.168.1.78, so my configuration will be

listen-address 192.168.1.78:8118

Close and save file. Restart privoxy service:

sudo systemctl restart privoxy.service

Configure Browser Proxy Settings

This section vary depending on used browser. So, you may be required to check you browser docs if you don’t know how to setup proxy configs.

With Mozilla Firefox, for example, go to Settings -> General Tab -> Network Settings section -> (use button “Settings”). In next screen, configure the following parameters:

  • 1. Set “Manual proxy configuration” option
  • 2. use your Raspberry PI IP address for “HTTP Proxy” parameter
  • 3. use “8118” in port parameter
  • 4. Set “Also use this proxy for FTP and HTTP” to extend Privoxy usage also with different internet protocols
Firefox set proxy for privoxy

You can also apply proxy system-wide (for all browsers). Also this depends on your device. For windows computers, go to Internet Options -> Connections tab -> (use button LAN Settings).

Mark “Use a proxy server for your LAN (…)” option and use Raspberry PI IP address for “Address” field and “8118” for port field. Then click “Ok” button.

From here, you can start navigating safely with default Privoxy shields.

Addictional Useful Configurations

Config File

As said, the main configuration file is “/etc/privoxy/config”.

In this file, configuration lines consist of an initial keyword followed by its value(s), all separated by whitespace. For example:

confdir /etc/privoxy

Sets “confdir” parameter to “/etc/privoxy” value.

Excluding confdir and logdir, all other parameters are optional (with the meaning that they use their default if not explicity set). The main config file controls Privoxy’s service operations that are not location dependent (no matter where you may be surfing).

Action FIle

The actions files are used to define Privoxy tasks executed against URLs, Some examples can be images and http content handling both in general dropped URLs and specifically sexplicited URLs.

Combining actions will result in complex and advanced effects against a given URLs set.

Filter File

Privoxy filters give options to manipulate page parts before entering under Action rules. Common tasks for content filters are eliminating common annoyances in HTML and JavaScript (like pop-up windows, exit consoles and crippled windows without navigation tools).

Multiple filter files can be defined through the filterfile config directive. The filters as supplied by the developers are located in default.filter. It is recommended that any locally defined or modified filters go in a separately defined file such as user.filter.

Substitutions are made at the source level, so if you want to “roll your own” filters, you should first be familiar with HTML syntax, and, of course, regular expressions.

Filter definitions start with a header line that contains the filter type, the filter name and the filter description. A content filter header line for a filter called “foo” could look like this:

FILTER: foo Replace all "foo" with "bar"

Below that line, and up to the next header line, come the jobs that define what text replacements the filter executes. They are specified in a syntax that imitates Perl’s s/// operator. If you are familiar with Perl, you will find this to be quite intuitive, and may want to look at the PCRS documentation for the subtle differences to Perl behaviour.

Working With Other Proxies (parent proxy)

This can be done and is often useful to combine the benefits of Privoxy with those of a another proxy. To do this, you need understand your proxy chain and setup parts accordingly.

An example can be using Squid (which listens, by default, on 3128 port). In this case, proxy chain will be the following:

Proxy chain Privoxy Squid

In this example, Privoxy needs to be configured to forward its http requests to Squid host proxy on port 3128. Supposing squid running on same device, Privoxy will forward to port 3128 on same host (127.0.0.1) and its config file will be set with following parameter:

forward / 127.0.0.1:3128

If you want to use Privoxy with TOR (The Onion Routers) to improve anonimity, you need to consider that TOR implements a socks5 proxy and uses 9050 port by default. In this scenario, proxy chain will be:

Proxy chain Privoxy Tor

This time, Privoxy needs to know that its follower in chain is a socks5 proxy which listens on 9050 port. Again, supposing that TOR is running on same host, Privoxy config file will be configured including following line (including last dot):

forward-socks5t / 127.0.0.1:9050 .

Enjoy!

How useful was this post?

Click on a star to rate it anonymously!

Average rating 4.7 / 5. Vote count: 3

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?