
HotSpot in Mikrotik, or how to earn $: Part 2

General information



This is the second part of the article illustrating the possibilities of using the Mikrotik OS as a HotSpot. In the first part I described how to set up HotSpot and introduced the issuing and purchasing of access cards. The first part is listed among the materials at the end of this article.


Tasks and Goals


Our main goal is to learn how to add advertising on your HotSpot to every site that a user visits.

Build, build, tinkering: Mikrotik



First we need to rebuild the current HotSpot a bit so that all requests are proxied through the secondary server. Execute the following command on the router:

    /ip firewall nat add action=dst-nat chain=hs-auth comment="hotspot redirect to proxy" \
        disabled=no dst-port=80 in-interface=!e2_v454 protocol=tcp to-addresses=\
        XX.XX.XX.XX to-ports=3120 place-before=0


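where XX.XX.XX.XX is the IP address of the secondary server and 3120 is the proxy port.

This rule redirects HTTP traffic (dst-port=80) to the secondary proxy server, which will analyze and modify it for our needs. Traffic to other ports, HTTPS included, does not match the rule and is not proxied.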

Build, build, tinkering: Secondary server



I use CentOS 5.4 as the secondary server. Add the following rule to iptables:

    #proxy
    -A VZ_INPUT -p tcp -m tcp --dport 3120 -j ACCEPT


I use non-standard names for the filter tables; if you want to change yours to match mine, make the following changes in the /etc/sysconfig/iptables file:

    :OUTPUT DROP [0:0]
    :VZ_FORWARD - [0:0]
    :VZ_INPUT - [0:0]
    :VZ_OUTPUT - [0:0]
    -A INPUT -j VZ_INPUT
    -A FORWARD -j VZ_FORWARD
    -A OUTPUT -j VZ_OUTPUT


For proxying traffic I use Privoxy; it processes a large number of connections rather quickly.
At the beginning of my experiments I used Perl and the HTTP::Proxy library, but it works extremely slowly and is not very stable at all; why the library was written remains a mystery to me.

    # create the working directories
    mkdir /usr/local/proxy
    mkdir /usr/local/proxy/privoxy
    cd /usr/local/proxy/privoxy
    # download the sources
    wget http://downloads.sourceforge.net/project/ijbswa/Sources/3.0.21%20%28stable%29/privoxy-3.0.21-stable-src.tar.gz
    # unpack and build
    tar xvf privoxy-3.0.21-stable-src.tar.gz
    cd privoxy-3.0.21-stable
    make
    # create the bin directory that will hold the files we need
    mkdir /usr/local/proxy/privoxy/bin/


We copy only the following files:

    templates
    config
    logfile
    match-all.action
    privoxy
    run.sh
    user.action
    user.filter


In the templates folder, I recommend placing the following files:

    blocked
    cgi-error-404
    cgi-error-bad-param
    cgi-error-disabled
    cgi-error-file
    cgi-error-file-read-only
    cgi-error-modified
    cgi-error-parse
    connect-failed
    connection-timeout
    forwarding-failed
    no-server-data
    no-such-domain


Also change the contents of each of them to something very simple (by default, Privoxy gives the client a lot of extra information). For example, the blocked file will look like this:

    <html><head>
    <title>This Page is Blocked</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL @protocol@@hostport@@path@ was blocked on this server.</p>
    </body></html>


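Now the startup file, run.sh:

    #!/bin/sh
    # privoxy reads "config" from the current directory (confdir .),
    # so change into the bin directory first; rc.local starts us elsewhere
    cd /usr/local/proxy/privoxy/bin || exit 1
    killall -9 privoxy
    ./privoxy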


We temporarily add it to startup (for a permanent setup it is better to use the service command) by adding the line

    /usr/local/proxy/privoxy/bin/run.sh

to /etc/rc.d/rc.local

Setup: Privoxy



In this section, I will give an example of configuration files with comments.

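config:

    confdir .
    logdir .
    # actions file
    actionsfile user.action
    # filter file
    filterfile user.filter
    # log file
    logfile logfile
    # address and port the proxy listens on
    listen-address XX.XX.XX.XX:3120
    # accept requests that were redirected by the router's dst-nat rule
    # and were not addressed to a proxy by the client
    accept-intercepted-requests 1
    toggle 1
    enable-remote-toggle 0
    enable-remote-http-toggle 0
    enable-edit-actions 0
    enforce-blocks 0
    buffer-limit 4096
    forwarded-connect-retries 0
    allow-cgi-request-crunching 0
    split-large-forms 0
    keep-alive-timeout 5
    socket-timeout 300
    # 1 + 4096 + 8192: request destinations, startup banner and warnings, non-fatal errors
    debug 12289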


And now the user.action file:

    # apply the inc_jsc and main_div_gl filters to all sites
    {+filter{inc_jsc} +filter{main_div_gl}}
    /

    # do not insert the banner on these hosts (no Google ads on Google itself)
    {-filter{open-link-in-self-frame} -filter{main_div_gl}}
    .ad.doubleclick.net
    .ads.r.us/banners/
    .google
    .googles.
    .googles
    .googleads.
    .doubleclick.
    .gstat.


And the most important file, user.filter:

    FILTER: inc_jsc
    # insert our JS files into head: jquery and the control script
    s@<head>@$&<script type="text\/javascript" src="http:\/\/lk.blablabla.ru\/js\/jquery.min.js"><\/script><script type="text\/javascript" src="http:\/\/lk.blablabla.ru/jscript"><\/script>@sigx

    FILTER: main_div_gl Add bottom banner
    s@</body(\s+\w+(\s*=\s*(\w+|'[^']*'|"[^"]*"))?)*\s*>@<div align="center" id="div_m_gl" style="display: none;">\n<script type="text\/javascript">\n <!-- \n google_ad_client = "ca-pub-YYYYYYYYYYYYYYYYYYY";\n google_ad_slot = "MMMMMMMMMM"; \n google_ad_width = 728; \n google_ad_height = 15; \n \/\/--> \n <\/script> \n <script type="text\/javascript" src="http:\/\/pagead2.googlesyndication.com\/pagead\/show_ads.js"><\/script><\/div>$&@sigx


And now I'll show the lk.blablabla.ru/jscript file. It checks the address, as well as the content, on the client side and, depending on the result, shows or does not show the advertising. Moreover, this file is dynamic, so you can turn advertising off globally, change the list of sites where advertising is prohibited, sort clients (for example, those who use paid access), and so on, without stopping the proxy server:

    $(document).ready(function() {
        var view = 1;
        // sites and URL fragments on which advertising is not shown
        var arr_links = ['blabla.ru', 'bla.ru', 'file'];
        var a = document.URL;
        for (var i = 0; i < arr_links.length; i++) {
            var re = new RegExp(arr_links[i], 'i');
            if (a.match(re)) {
                view = 0;
            }
        }
        // if advertising is allowed here, make the banner block visible
        if (view) {
            var state = 'block';
            var layer_ref = 'div_m_gl';
            if (document.all) { // IS IE 4 or 5 (or 6 beta)
                document.all[layer_ref].style.display = state;
            }
            if (document.layers) { // IS NETSCAPE 4 or below
                document.layers[layer_ref].display = state;
            }
            if (document.getElementById && !document.all) {
                var hza = document.getElementById(layer_ref);
                // the div is absent when the page had no closing body tag
                if (hza) {
                    hza.style.display = state;
                }
            }
        }
    });
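To see what the two user.filter jobs actually change in a page, and which markup they miss, the following added example (not code from the article) ports both patterns to JavaScript, runs them over constructed sample pages and diffs the script sources before and after, which is also how a site owner or client can detect the modification. The function names, the sample pages and the shortened insert strings are assumptions made for the example.

```javascript
// Added example: JavaScript ports of the two pcrs jobs from user.filter.
// pcrs flags s, i, g map to JS flags s, i, g; x is dropped because the
// patterns contain no literal whitespace. The inserted markup is shortened.
const INC_JSC = /<head>/gis;
const MAIN_DIV_GL = /<\/body(\s+\w+(\s*=\s*(\w+|'[^']*'|"[^"]*"))?)*\s*>/gis;
const HEAD_INSERT =
  '<script type="text/javascript" src="http://lk.blablabla.ru/js/jquery.min.js"></script>' +
  '<script type="text/javascript" src="http://lk.blablabla.ru/jscript"></script>';
const BODY_INSERT =
  '<div align="center" id="div_m_gl" style="display: none;">' +
  '<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div>';

// Apply both jobs as the proxy does; "$&" in the filter keeps the matched tag.
function applyFilters(html) {
  return html
    .replace(INC_JSC, (tag) => tag + HEAD_INSERT)
    .replace(MAIN_DIV_GL, (tag) => BODY_INSERT + tag);
}

// Collect the src of every external script in a document.
function scriptSources(html) {
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// Compare the body the origin sent with the body the client received.
function diffInjection(original, received) {
  const known = new Set(scriptSources(original));
  return {
    addedScripts: scriptSources(received).filter((src) => !known.has(src)),
    hiddenDiv: received.includes('id="div_m_gl"') && !original.includes('id="div_m_gl"'),
    controlScript: received.includes('lk.blablabla.ru/jscript'),
  };
}

// Constructed sample pages covering the markup variants the patterns meet.
const SAMPLES = {
  plain: '<html><head><title>t</title></head><body><p>x</p></body></html>',
  headAttrs: '<html><head lang="en"><title>t</title></head><body>x</body></html>',
  upperBody: '<HTML><HEAD></HEAD><BODY>x</BODY ></HTML>',
  noBodyClose: '<html><head></head><body>x',
};

function report() {
  return Object.fromEntries(Object.entries(SAMPLES).map(
    ([name, html]) => [name, diffInjection(html, applyFilters(html))]));
}

console.log(JSON.stringify(report(), null, 2));
```

The headAttrs case is the one to watch: a head tag with attributes does not match the literal pattern, so the control script is never loaded and the inserted div stays at display: none.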


Conclusion



In this article I wanted to show how you can earn $ on your own HotSpot by providing free Internet access with unobtrusive advertising of various kinds. I also enclose a list of the materials from which I drew knowledge for the project.

HotSpot in Mikrotik, or how to earn $: Part 1
HTTP::Proxy - module for creating a proxy using Perl
Privoxy Official manual
Mikrotik Customizing Hotspot - creating your own HotSpot on Mikrotik
Mikrotik IP Firewall Nat

Privoxy RegExp - Good article in Russian
CentOS iptables official manual

P.S. I am waiting for comments and will be glad to answer questions.

Source: https://habr.com/ru/post/175303/

