If you have a network share, e.g. SMB or NFS, you can mount it and store it there.
That's actually a good idea. Is it possible to build an absolute low-budget NAS based on a USB-stick ?!?
Have you searched YouTube?
Because OpenWrt is not a 'NAS' forum.
...and you have strayed the thread off-topic.
A used raspberry pi would be enough for this. But on the other hand you would also get a used router with usb port for the price.
Are you able to create a historic log of all URLs and DNS requests of the respective host with Privoxy?
Yes, which is what I consider a major advantage over a host file - I can see what all is being requested and allowed.
eguardian for image analysis and phrase filtering most likely uses something like squid-proxy in transparent/intercept mode for https. Which, unfortunately, is becoming more and more unusable because of HSTS, for example. And installation of certs on the clients is only feasible in stable environments, i.e. organizations.
Privoxy does not log dns requests.
Where did you get that idea?
$ tail -f $T/privoxy.log | ./privoxy-log-parser.pl
. . .
00:24:22.945 00001b58 Request: unknown.domain.foo:443/
00:24:22.946 00001b58 Info: Can not resolve unknown.domain.foo: No such host is known.
00:24:22.948 00001b58 Error: connect to: unknown.domain.foo:443 failed: WSAHOST_NOT_FOUND - Host not found.
00:24:22.974 00001b58 Crunch: DNS failure: unknown.domain.foo:443
You can get privoxy-log-parser.pl from
https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=tools/privoxy-log-parser.pl;hb=HEAD
Logging URLs requires enabling https-inspection which I'm still a bit leery of but it can be interesting:
00:50:53.077 00000510 Request: https://old.reddit.com/r/netflix/
00:50:54.280 00000510 Re-Filter: Decompression successful. Old size: 49940, new size: 285555. (saved: 82.51%)
00:50:54.284 00000510 Re-Filter: filtering old.reddit.com/r/netflix/ (size 285555) with 'flag-sponsored-links' produced 1 hits (new size 286263) (+708)
00:50:54.285 00000510 Re-Filter: filtering old.reddit.com/r/netflix/ (size 286263) with 'linktrackers' produced 2 hits (new size 286339) (+76)
00:50:54.287 00000510 Re-Filter: filtering old.reddit.com/r/netflix/ (size 286339) with 'linkicons' produced 13 hits (new size 286729) (+390)
00:50:54.582 00001478 Request: https://www.redditstatic.com/reddit.YXox_dqXzrc.css
00:50:54.592 00000dc8 Request: https://www.redditstatic.com/author-tooltip.1VKQhhDIRMI.css
00:50:54.592 00001090 Request: https://www.redditstatic.com/expando.gMzRK16vwrQ.css
00:50:54.594 00001c9c Request: https://www.redditstatic.com/crosspost-preview.De3P20Yb4PY.css
00:50:54.598 000016d8 Request: https://www.redditstatic.com/listing-comments.AZZO7Kj_O88.css
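Added example, not part of the thread and not Privoxy's own tooling: a Python parser that groups log lines in the shape quoted above (time, thread id, category, message) by destination host, giving the per-host history of requests, DNS failures and filter hits discussed here. The sample lines are constructed from the excerpts in the post, and the field layout is assumed from those excerpts.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample, in the shape of the log lines quoted in the thread.
SAMPLE_LOG = """\
00:24:22.945 00001b58 Request: unknown.domain.foo:443/
00:24:22.946 00001b58 Info: Can not resolve unknown.domain.foo: No such host is known.
00:24:22.974 00001b58 Crunch: DNS failure: unknown.domain.foo:443
00:50:53.077 00000510 Request: https://old.reddit.com/r/netflix/
00:50:54.285 00000510 Re-Filter: filtering old.reddit.com/r/netflix/ (size 286263) with 'linktrackers' produced 2 hits (new size 286339) (+76)
00:50:54.582 00001478 Request: https://www.redditstatic.com/reddit.YXox_dqXzrc.css
00:50:54.592 00000dc8 Request: https://www.redditstatic.com/author-tooltip.1VKQhhDIRMI.css
"""

# Assumed layout: HH:MM:SS.mmm, 8 hex digit thread id, "Category:", message.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) ([0-9a-f]{8}) ([A-Za-z-]+): (.*)$")
FILTER_RE = re.compile(r"with '([^']+)' produced (\d+) hits")

def host_of(target):
    """Return the host for 'https://host/path' and for 'host:port/' targets."""
    if "://" not in target:
        target = "//" + target          # lets urlsplit treat host:port as netloc
    return urlsplit(target).hostname or ""

def summarize(log_text):
    """Group Request, Crunch and Re-Filter entries by destination host."""
    hosts = defaultdict(lambda: {"requests": [], "crunched": [], "filter_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip '. . .' and other non-log lines
        ts, _thread, category, msg = m.groups()
        if category == "Request":
            hosts[host_of(msg)]["requests"].append((ts, msg))
        elif category == "Crunch":
            reason, _, target = msg.rpartition(": ")
            hosts[host_of(target)]["crunched"].append((ts, reason))
        elif category == "Re-Filter":
            hit = FILTER_RE.search(msg)
            if hit:                      # 'Decompression successful' lines have no hits
                target = msg.split()[1]  # 'filtering <host/path> (size ...'
                hosts[host_of(target)]["filter_hits"] += int(hit.group(2))
    return dict(hosts)

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_LOG).items()):
        print(host, len(info["requests"]), info["crunched"], info["filter_hits"])
```

The lines quoted in the thread carry no client address, so this groups by destination only; full URLs appear only when https-inspection is enabled, otherwise a request shows as host:port.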
Of course you have to force clients to use the router's DNS and block requests to external DNS servers.
Correct.
FYI, I use privoxy on the router, along with dnsmasq setting on the router:
dhcp-option=252,http://config.privoxy.org/wpad.dat
and a wpad.dat + proxy.pac in the router's /www dir. I implemented the wpad feature in privoxy.
Could you send me the code to do
config.privoxy.org/wpad.dat
Or make a feature-request ticket at
https://sourceforge.net/p/ijbswa/support-requests/
and add the code there?
Thanks
Lee
Fabian integrated the patch a while ago:
Of course privoxy can log its own DNS requests, but does not see DNS requests to the router's DNS. By the way, if you want https filtering, then you should enable it in the openwrt package.
How do you deal with apps that use certificate pinning? I was going to set up eBlocker to do mitm ad blocking to get rid of ads that make it around DNS blocking, like sponsored posts and YT ads. People in the eBlocker forum were saying you couldn't block some of the ads in apps because those apps pin their own certificates.
I'd like to be able to get around that because it's a hassle to keep everyone's phones and tablets working with hacked versions of the apps (reVanced and the like).
Well, you were right:
I got an ethernet adapter and plugged in the pi-hole and it is, noticeably, faster. And that is with Unbound; so just the request and the reply, that did not even need to be looked up, was adding noticeable time.
No chance. Now you notice yourself, why Google REALLY forced https: First serious hurdle against ad blocking. Pinning is next.
Nope, look up Edward Snowden and when he leaked classified documents.
Then take a look at https://datatracker.ietf.org/doc/rfc7258/
1st draft was Nov. 2013
Thanks, I forgot all about Fabian integrating that patch
I don't think so.. or are there easy/complete instructions on how to build Privoxy on a linux box for openwrt? The only time I run a stock version of Privoxy is for a few hours when testing out a new version.
& for what it's worth, my gl.inet mt3000 came in (yay!) I left it with the default OS, installed bind, my RPZ zones and configured the travel router as the only DNS server for everything behind it. It works great as a travel router / ad blocker.. the only problem is that after some time -- a day, maybe 3, DNS breaks and I need to restart bind. So not a perfect solution but it does make watching a "smart" tv tolerable.
I noticed that bind on the mt3000 is 9.18.7 and the current version is 9.18.27
Openwrt is a bit better - it looks like openwrt offers 9.18.19-1 -- so better but not better enough to make me want to switch to openwrt. I opened a feature request for openwrt to update bind. If it does get updated I'd be seriously tempted to try pure openwrt on the mt3000.
Thanks for the info but getting a non-native toolchain installed and working was a bit too much for me.
I went with the gl.inet tech support suggestion of installing the native openwrt firmware that had a later version of bind and now DNS just works.
Hi @KONG and @timur.davletshin, if it is not too much trouble, could you answer these questions:
- Is there a guide or can you make a guide on how to install privOxy, configure privOxy and do everything you mention with privOxy for OpenWrt?
- Which router do you need to install privOxy, a router with x86 processor or can you install it on a router with ARM processor like the BPI-R4?
- Is privOxy complicated to use and configure and only recommended for super-advanced users or can it be easily configured via SSH with commands?
- What do you think about this "privAxy" project, do you think it can become an OpenWrt supported package?
Privoxy can be configured for this purpose and as far as I remember this process was described already. I couldn't have invented it. The problem was in finding blocklists which were properly ported to Privoxy's needs. I used the first lists which popped up in Google search results (they linked GitHub projects).
As for making docs for OpenWrt: OpenWrt's builds, as I already said, lack the required build option which allows URL filtering. So, first someone has to push those options to default builds. I have no idea why it was disabled (space saving?).
Actually I don't oppose the idea, that this blocking technique should acquire more attention from users. It can actually block a lot of nasty ads... sure, if you can install certificates on target devices.
So far as I, being new to running DNS based ad blocking, can determine, AdGuard Home provides that capability and DNS over TLS and DNS over QUIC also. Am I perhaps misunderstanding the technical solution that AdGuard Home provides?
Sure, Adguard can do that, but Adguard is a rather bloated piece of software in my opinion.
Just using HTTPS-DNS Proxy and an adblock package gives you secure ad-free browsing, just what the doctor ordered.
I use smartdns for DoH and adblock fast