Difference between revisions of "Webproxy"

From VyOS Wiki
m (setting cache size)
m (URL Filtering)
Line 34: Line 34:
 
  '''set service webproxy url-filtering squidguard log local-block
 
  '''set service webproxy url-filtering squidguard log local-block
  
 +
Allow by default
 +
'''set service webproxy url-filtering squidguard def allow
  
 
=== Filtering by category ===
 
=== Filtering by category ===
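Review bot: the added command line `'''set service webproxy url-filtering squidguard def allow` opens bold markup but never closes it, and the new "Allow by default" label is bare text with no sentence explaining it. Close the `'''` and add one sentence saying what the setting changes, namely that any URL not matched by a block rule is let through. `def` also reads like a shortened keyword; write the option name in full, as tab completion shows it, so the command can be copied as documented.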
Line 67: Line 69:
 
  '''set service webproxy url-filtering squidguard block-category ads'''
 
  '''set service webproxy url-filtering squidguard block-category ads'''
 
  '''set service webproxy url-filtering squidguard block-category malware'''
 
  '''set service webproxy url-filtering squidguard block-category malware'''
 
+
'''set service webproxy url-filtering squidguard block-category warez
 +
'''set service webproxy url-filtering squidguard block-category phishing
 +
'''set service webproxy url-filtering squidguard block-category cryptojacking
 +
'''set service webproxy url-filtering squidguard block-category dangerous_material
  
 
== Authentication ==
 
== Authentication ==
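Review bot: the four added `block-category` lines (warez, phishing, cryptojacking, dangerous_material) each open `'''` without closing it, unlike the `ads` and `malware` lines above them, which end with `'''`. Close the markup on each line. Consider also a short remark that each category name has to exist in the downloaded blacklist, since the page shows an unknown category making the commit fail.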

Revision as of 04:22, 20 October 2018

Introduction

The proxy service in VyOS is based on Squid 3 and some related modules.

All examples here assume that your inside IP address is 192.168.0.1. Replace it with your own where applicable.



Enabling

set service webproxy listen-address 192.168.0.1

By default it listens on port 3128. If you want a different port, you have to define it.

set service webproxy listen-address 192.168.0.1 port 2050

By default the transparent proxy on that interface is enabled. To disable it:

set service webproxy listen-address 192.168.0.1 disable-transparent


URL Filtering

URL filtering is provided by SquidGuard.

Blocking specific URLs

set service webproxy url-filtering squidguard local-block myspace.com

If you want to, you can log these blocks

set service webproxy url-filtering squidguard log local-block

Allow by default

set service webproxy url-filtering squidguard def allow

Filtering by category

If you want to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes.

vyos@vyos# commit
[ service webproxy ]
Warning: no blacklists installed
Unknown block-category [ads] for policy [default]

service webproxy failed
Commit failed


Download/update blacklists

vyos@vyos$ update webproxy blacklists

This downloads all categories. If you want to, you can download a specific category.

vyos@vyos$ update webproxy blacklists category ads

Use tab completion to get a list of categories.

To auto update the blacklist files

set service webproxy url-filtering squidguard auto-update update-hour 23

To configure the actual blocking add the following to the configuration

set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware
set service webproxy url-filtering squidguard block-category warez
set service webproxy url-filtering squidguard block-category phishing
set service webproxy url-filtering squidguard block-category cryptojacking
set service webproxy url-filtering squidguard block-category dangerous_material
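
Because a commit fails on any category that is not in the installed blacklist, it helps to check the names before committing. The script below is an added example, not part of the VyOS wiki or of VyOS itself: the function names, the temporary paths and the assumption that the blacklist database holds one sub-directory per category are all hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: report block-category names that have no matching
# directory in a blacklist database, before you try to commit them.
# Assumption: the database directory contains one sub-directory per category.

# $1 = file with "set ..." commands, $2 = blacklist database directory
missing_categories() {
    cmds_file=$1
    db_dir=$2
    # Extract the word after "block-category", de-duplicate, then test each one.
    sed -n 's/.*squidguard block-category \([A-Za-z0-9_-]*\).*/\1/p' "$cmds_file" |
        sort -u |
        while read -r name; do
            [ -d "$db_dir/$name" ] || printf '%s\n' "$name"
        done
}

# Constructed demo: only three of the six categories are "installed".
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/db/ads" "$tmp/db/malware" "$tmp/db/phishing"
    cat > "$tmp/cmds" <<'EOF'
set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware
set service webproxy url-filtering squidguard block-category warez
set service webproxy url-filtering squidguard block-category phishing
set service webproxy url-filtering squidguard block-category cryptojacking
set service webproxy url-filtering squidguard block-category dangerous_material
EOF
    missing_categories "$tmp/cmds" "$tmp/db"
    rm -rf "$tmp"
}

demo
```

Each name printed is a category to download with `update webproxy blacklists category <name>` or to drop from the configuration.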

Authentication

Web proxy LDAP authentication

Tuning

Adjusting cache size

set service webproxy cache-size
Possible completions:
  <0-4294967295>
               Disk cache size in MB (default 100)
  0            Disable disk caching
  100