From VyOS Wiki
Revision as of 05:47, 7 July 2014 by Kmpm (talk | contribs) (setting cache size)
Jump to: navigation, search


The proxy service in VyOS is based on Squid 3 and some related modules.

All examples here assumes that your inside ip address is Replace with your own where applicable.


set service webproxy listen-address

By default it will listen to port 3128. If you wan't something else you have to define that.

set service webproxy listen-address port 2050

By default the transparent proxy on that interface is enabled. To disable that you simply

set service webproxy listen-address disable-transparent

URL Filtering

URL Filtering is provided by Squidguard

Blocking specific urls

set service webproxy url-filtering squidguard local-block myspace.com

If you want to you can log these blocks

set service webproxy url-filtering squidguard log local-block

Filtering by category

If you wan't to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes.

vyos@vyos# commit
[ service webproxy ]
Warning: no blacklists installed
Unknown block-category [ads] for policy [default]

service webproxy failed
Commit failed

Download/update blacklists

vyos@vyos$ update webproxy blacklists

To download all categories. If you wan to you can download a specific category.

vyos@vyos$ update webproxy blacklists category ads

Use tab completion to get a list of categories.

To auto update the blacklist files

set service webproxy url-filtering squidguard auto-update update-hour 23

To configure the actual blocking add the following to the configuration

set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware


Web proxy LDAP authentication


Adjusting cache size

set service webproxy cache-size
Possible completions:
               Disk cache size in MB (default 100)
  0            Disable disk caching