Post Reply 
Bfilter, Squid and DD-WRT
Dec. 16, 2010, 02:49 AM (This post was last modified: Dec. 16, 2010 03:59 AM by bkruggel.)
Post: #1
Bfilter, Squid and DD-WRT
Add Thank You Quote this message in a reply
Dec. 16, 2010, 05:06 PM (This post was last modified: Dec. 16, 2010 05:08 PM by Graycode.)
Post: #2
RE: Bfilter, Squid and DD-WRT
HTTP requests that go directly to a web server (not going to a proxy) look like this:
Code:
GET / HTTP/1.1
Host: www.example.com

For a request that IS going to a proxy, the protocol and host is given in the request line.
Code:
GET http://www.example.com/ HTTP/1.1
Host: www.example.com

By your having fooled the computers into not knowing there's a proxy in the mix, their browsers are naturally sending the server format vs. proxy format. Apparently BFilter does not support that. It sees '/' where it expects to see the 'http://' protocol and so responds with "Unsupported Request Protocol".

A solution may be to swap the order of your proxies. Instead of BFilter:8080 forwarding to Squid:3128, make Squid the primary entry point. You'll need to tell Squid to route requests through the BFilter proxy. http://wiki.squid-cache.org/Features/CacheHierarchy
Add Thank You Quote this message in a reply
Dec. 17, 2010, 12:10 AM
Post: #3
RE: Bfilter, Squid and DD-WRT
Wow - thanks a lot! I didn't have any idea...

However, I was testing bfilter today and in fact I found a website that was completely misdetected - (http://www.videotron.com) - this website does exactly what bfilter doesn't like (and me neither) - to make a horrible mess with JavaScript.
So I also tested privoxy this morning, but performance sufferred significantly (the setup in the moment works significantly faster than traditional Firefox AdBlock, especially on slower machines like netbooks and tablets). The nice thing was that Privoxy has a whitelist - which BFilter obviously lacks, and NOFILTER has no effect on javascript. Disabling filters for BFilter is obviously not the purpose.

The other problem are all the different OS here, again. I tried automatic solutions for an Ubuntu Laptop with a badly configured environment and a Workstation with Gnome - I configured the laptop browsers one by one to use the proxy and for the PC, I told Gnome to use the proxy. Result: the laptop works as expected (browser uses the proxy, all the rest doesn't), on the PC browsing works, but for example empathy is broken (MSN and Yahoo can't connect).
So maybe I'll do the configuration for Macs and Linuxes like I did on the laptop, which is fully automatic (due to ifupdown and some wrapperscripts). And Windows users will have to get ProxyFoxy or something.

Anyway, thank you very much - I'll have to look at this stuff more precisely when I have time.
Add Thank You Quote this message in a reply
Dec. 17, 2010, 06:41 PM (This post was last modified: Dec. 17, 2010 07:11 PM by bkruggel.)
Post: #4
RE: Bfilter, Squid and DD-WRT
This doesn't leave me :-)

Your solution is great and simple. After 2 hours fiddling with squidguard (until I understood that the reason it didn't work was that it simply segfaulted every time) I tried as you said.
And, well, it simply works. No configuration or horrible wrapper scripts. Empathy doesn't decide anything anymore, so MSN and Yahoo work, https pages work, everything is great.

I still have to check the CPU load, though. I made a test yesterday with somebody else who 'surfs' the web at far higher speed than I do while somebody was streaming music from the server to the kitchen and the fan on the old iBook (the server) went on.
I am wondering if it is the filtering or the blocking that uses more cpu load? In the worst case, I could still try to remove the keyboard from the iBook...

BTW: The problem with Videotron was in the cache somewhere. When I cleared all caches (squid and local caches) and deleted cookies, it went completely away.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: