Difference between revisions of "Webproxy"

From VyOS Wiki
Jump to: navigation, search
m (URL Filtering)
 
Line 1: Line 1:
 +
{{Migrated | url = https://vyos.readthedocs.io/en/latest/services/webproxy.html}}
 
{{TOC right}}
 
{{TOC right}}
  

Latest revision as of 20:07, 1 July 2019

Warning sign.png This page is migrated to Readthedocs .
Information found on this page is migrated to readthedocs and information found here could be outdated or misleading. https://vyos.readthedocs.io/en/latest/services/webproxy.html

Introduction

The proxy service in VyOS is based on Squid 3 and some related modules.

All examples here assumes that your inside ip address is 192.168.0.1. Replace with your own where applicable.



Enabling

set service webproxy listen-address 192.168.0.1

By default it will listen to port 3128. If you wan't something else you have to define that.

set service webproxy listen-address 192.168.0.1 port 2050

By default the transparent proxy on that interface is enabled. To disable that you simply

set service webproxy listen-address 192.168.0.1 disable-transparent


URL Filtering

URL Filtering is provided by Squidguard

Blocking specific urls

set service webproxy url-filtering squidguard local-block myspace.com

If you want to you can log these blocks

set service webproxy url-filtering squidguard log local-block

Allow by default

set service webproxy url-filtering squidguard def allow

Filtering by category

If you wan't to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes.

vyos@vyos# commit
[ service webproxy ]
Warning: no blacklists installed
Unknown block-category [ads] for policy [default]

service webproxy failed
Commit failed


Download/update blacklists

vyos@vyos$ update webproxy blacklists

To download all categories. If you wan to you can download a specific category.

vyos@vyos$ update webproxy blacklists category ads

Use tab completion to get a list of categories.

To auto update the blacklist files

set service webproxy url-filtering squidguard auto-update update-hour 23

To configure the actual blocking add the following to the configuration

set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware
set service webproxy url-filtering squidguard block-category warez
set service webproxy url-filtering squidguard block-category phishing
set service webproxy url-filtering squidguard block-category cryptojacking
set service webproxy url-filtering squidguard block-category dangerous_material

Authentication

Web proxy LDAP authentication

Tuning

Adjusting cache size

set service webproxy cache-size
Possible completions:
  <0-4294967295>
               Disk cache size in MB (default 100)
  0            Disable disk caching
  100