OpenWrt访客WiFi植入广告

好吧,这确实是一个很奇怪的需求。

1.设置访客WiFi

http://www.right.com.cn/forum/thread-173844-1-1.html

其中网络接口的IP地址设置为172.16.68.1

2.配置Privoxy

Privoxy是一款不进行网页缓存且自带过滤功能的代理服务器,针对HTTP、HTTPS协议。通过其过滤功能,用户可以保护隐私、对网页内容进行过滤、管理Cookie,以及拦阻各种广告等。Privoxy可以单机使用,也可以应用到多用户的网络。它也可以与其他代理相连,更可以突破互联网审查。

安装privoxy:

opkg install privoxy

配置privoxy:

cd /etc/privoxy/
vi config

编辑config

高亮行为需要添加/修改的

confdir /etc/privoxy
logdir /var/log
filterfile default.filter
filterfile user.filter
logfile privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations
listen-address  172.16.68.1:8118
toggle  1
enable-remote-toggle  1
enable-remote-http-toggle  0
enable-edit-actions 1
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries  0
accept-intercepted-requests 1
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 300
socket-timeout 300
permit-access  172.16.68.0/24
debug   1    # show each GET/POST/CONNECT request
debug   4096 # Startup banner and warnings
debug   8192 # Errors - *we highly recommended enabling this*
#admin-address [email protected]
#proxy-info-url http://www.example.com/proxy-service.html

user.filter中添加要注入的脚本:

FILTER: guest-wifi
s|</head>|<script type="text/javascript" src="http://example.com/ad.js"></script>$0|

user.action中调用user.filter的规则:

{+filter{guest-wifi}}
.*

3.将流量转发到Privoxy

下面的指令会将所有来自172.16.68.*,访问80端口的请求转发到位于8118端口的privoxy:

iptables -t nat -A PREROUTING -s 172.16.68.1/24 -p tcp --dport 80 -j REDIRECT --to-ports 8118

4.后记

 

  • privoxy会导致访问延迟。
  • privoxy官方文档中明确指出不支持https流量的拦截。