Difference between revisions of "Webproxy"

From VyOS Wiki
Jump to: navigation, search
(help to get started with webproxy)
(No difference)

Revision as of 11:25, 3 July 2014

Introduction

The proxy service in VyOS is based on Squid 3 and some related modules.

All examples here assumes that your inside ip address is 192.168.0.1. Replace with your own where applicable.



Enabling

set service webproxy listen-address 192.168.0.1

By default it will listen to port 3128. If you wan't something else you have to define that.

set service webproxy listen-address 192.168.0.1 port 2050

By default the transparent proxy on that interface is enabled. To disable that you simply

set service webproxy listen-address 192.168.0.1 disable-transparent


URL Filtering

URL Filtering is provided by Squidguard

Blocking specific urls

set service webproxy url-filtering squidguard local-block myspace.com

If you want to you can log these blocks

set service webproxy url-filtering squidguard log local-block


Filtering by category

If you wan't to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes.

vyos@vyos# commit
[ service webproxy ]
Warning: no blacklists installed
Unknown block-category [ads] for policy [default]

service webproxy failed
Commit failed


Download/update blacklists

vyos@vyos$ update webproxy blacklists

To download all categories. If you wan to you can download a specific category.

vyos@vyos$ update webproxy blacklists category ads

Use tab completion to get a list of categories.

To auto update the blacklist files

set service webproxy url-filtering squidguard auto-update update-hour 23

To configure the actual blocking add the following to the configuration

set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware


Authentication

Web proxy LDAP authentication