Difference between revisions of "Webproxy"

From VyOS Wiki
Jump to: navigation, search
(help to get started with webproxy)
 
m (setting cache size)
Line 72: Line 72:
  
 
[[Web proxy LDAP authentication]]
 
[[Web proxy LDAP authentication]]
 +
 +
== Tuning ==
 +
 +
Adjusting cache size
 +
 +
'''set service webproxy cache-size'''
 +
Possible completions:
 +
  <0-4294967295>
 +
                Disk cache size in MB (default 100)
 +
  0            Disable disk caching
 +
  100
 +
  
  
 
[[Category: User documentation]]
 
[[Category: User documentation]]

Revision as of 05:47, 7 July 2014

Introduction

The proxy service in VyOS is based on Squid 3 and some related modules.

All examples here assumes that your inside ip address is 192.168.0.1. Replace with your own where applicable.



Enabling

set service webproxy listen-address 192.168.0.1

By default it will listen to port 3128. If you wan't something else you have to define that.

set service webproxy listen-address 192.168.0.1 port 2050

By default the transparent proxy on that interface is enabled. To disable that you simply

set service webproxy listen-address 192.168.0.1 disable-transparent


URL Filtering

URL Filtering is provided by Squidguard

Blocking specific urls

set service webproxy url-filtering squidguard local-block myspace.com

If you want to you can log these blocks

set service webproxy url-filtering squidguard log local-block


Filtering by category

If you wan't to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes.

vyos@vyos# commit
[ service webproxy ]
Warning: no blacklists installed
Unknown block-category [ads] for policy [default]

service webproxy failed
Commit failed


Download/update blacklists

vyos@vyos$ update webproxy blacklists

To download all categories. If you wan to you can download a specific category.

vyos@vyos$ update webproxy blacklists category ads

Use tab completion to get a list of categories.

To auto update the blacklist files

set service webproxy url-filtering squidguard auto-update update-hour 23

To configure the actual blocking add the following to the configuration

set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware


Authentication

Web proxy LDAP authentication

Tuning

Adjusting cache size

set service webproxy cache-size
Possible completions:
  <0-4294967295>
               Disk cache size in MB (default 100)
  0            Disable disk caching
  100