"Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.
Privoxy is based on Internet Junkbuster (tm)."
I've just added this to my DansGuardian setup. What I have now is:
Browser -> Firewall -> ipchains redirect -> /usr/sbin/redir -> server -> DansGuardian -> Squid -> Privoxy ->
Privoxy is configured to only accept requests from Squid, and Squid is forcely configured to use Privoxy as a parent cache. Edit /etc/squid/squid.conf to read:
cache_peer 127.0.0.1 parent 8118 7 no-query # .... acl all src 0.0.0.0/0.0.0.0 # .... always_direct deny all
(Squid runs on port 3128 by default. The "8118" in the first line is the port that Privoxy runs on.)
To test your new Squid configuration, here's a quick test:
setenv http_proxy http://localhost:3128 ; lynx -dump http://www.yahoo.com | head
To lock down the network a bit further, I added ACLs so that only my workstation and the server can access Squid directly. Everyone else must use DG as a transparent proxy. The only time I switch to Squid instead of transproxy is when running something like WindowsUpdate, which is really errorprone under DG's filtering.
As far as install goes, it exists in Debian, so all you need to do is: apt-get install privoxy
It also exists in Fedora Core:
yum install privoxy