INSTALL PACKAGES
Install the following packages from System->Packages. Note that the order in which you install them is important, as SquidGuard installs some older files which will be updated when you install squid3-dev.
Install SARG (2.3.6 pkg v0.6.3)
(Note: You could use Lightsquid if you want but I prefer SARG for easily configuring log rotation and scheduling.)
Install squidGuard-squid3 (1.4.4 pkg v.1.9.5)
Install squid3-dev (3.3.10 pkg 2.2.2)
CONFIGURE SQUID
Accessed from Services->Proxy Server
GENERAL TAB
SQUID GENERAL SETTINGS
Proxy Interfaces: select AIRVPN_LAN. I run this on my VPN connection only, as LAN now provides an untouched Internet connection.
Proxy Port: 3128
ICP port: blank
Allow users on interface: Ticked
Patch Captive Portal: unticked
Resolve DNS v4 first: unticked
Disable ICMP: unticked
Use Alternate DNS servers for proxy: unticked
TRANSPARENT PROXY SETTINGS
Transparent HTTP proxy: ticked
Transparent proxy interfaces: Select AIRVPN_LAN
Bypass proxy for private address destination: ticked
Bypass proxy for these source IPs: clear
Bypass proxy for these destination IPs: clear
SSL MAN IN THE MIDDLE
HTTP/SSL interception: unticked
Leave this section as default, we aren't going to use this feature.
LOGGING SETTINGS
Enabled logging: ticked
Log Store Directory: /var/squid/logs
Log rotate: unticked (Sarg will take care of log rotation, which we’ll configure later)
visible hostname: localhost (set as per your requirements)
Administrator email: admin@localhost (set as per your requirements)
Language: en
Disable x-forward: unticked
Log denied pages by Squidguard: unticked
What to do with requests with whitespace: strip
Suppress squid version: ticked
Integrations: This will be empty at this stage but will populate after we have configured the Squid filter next, with an entry like:
redirect_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf;redirector_bypass off;url_rewrite_children 5
Custom ACLS (before auth): empty
Custom ACLS (after auth): empty
Save
SELECT LOCAL CACHE TAB
SQUID CACHE GENERAL SETTINGS
Cache replacement policy: Heap LFUDA
Low water mark %: 90
High water mark %: 95
Do not cache: clear
Enable offline mode: unticked
External cache managers: unticked
SQUID HARD DISK CACHE SETTINGS
Hard disk cache: Start conservatively, e.g. 20% of your HD free space. You can increase this later once you have verified caching is working and you have an idea how much data will be stored. You do not want to run out of disk space, so be conservative and increase steadily.
Hard disk cache system: aufs
Clear cache on log rotate: unticked
Level 1 subdirectories: 16
Hard disk cache location: /var/squid/cache
Minimum object size: 0
Maximum object size: 102400KB
SQUID MEMORY CACHE SETTINGS
Memory cache size: set to no more than 50% of your available RAM after your installed filter sets have loaded (Snort, pfBlocker etc), in my case I use 8192KB.
Maximum object size in RAM: 128KB (adjust according to mem cache size)
Memory replacement policy: LRU
DYNAMIC AND UPDATE CONTENT
I understand there are some bugs in this area so I've not used it.
Cache dynamic content: unticked
Feel free to ignore the rest of this section as we aren't enabling this feature.
Save
CONFIGURE SQUIDGUARD
Accessed from Services->Proxy Filter
GENERAL SETTINGS
LDAP OPTIONS
Enable LDAP: unticked
Leave the rest of this section as it's unused.
LOGGING OPTIONS
Enable GUI log: ticked
Enable log: ticked
Enable log rotation: unticked (Sarg will be configured for this later)
MISCELLANEOUS
Clean advertising: ticked
BLACKLIST OPTIONS
Blacklist: ticked
Blacklist proxy: empty
Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gz
Shallalist is a free-for-personal-use blacklist. Other premium options are available, but I’m reviewing whether Shalla’s list will suffice before considering moving to a paid-for subscription.
Save
BLACKLIST TAB
Blacklist update: http://www.shallalist.de/Downloads/shallalist.tar.gz
Click on ‘download’
TARGET CATEGORIES
I create two lists: one to specifically whitelist some websites, and another to blacklist additional sites which may be specific to my needs and where Shalla’s list may not include a particular location in its default rules.
Click ‘+’ to add a new Target Category
WHITELIST
Name: Whitelist
Order: ----
Domain List: blank
URL list: blank
Regular Expression: blank
Redirect: blank
Description: Whitelist sites
Save
Click ‘+’ to add a new Target Category
BLACKLIST
Name: Blacklist
Order: ----
Domain List: blank
URL list: blank
Regular Expression: Enter your own additions in here. For my example used at the top of the page I had to add ad.singletrack.com here.
Redirect: blank
Description: Blacklist sites
Save
COMMON ACL TAB
I’ve taken the option to permit all traffic and only block specific areas; you can alternatively block everything by default and specifically allow sites if desired.
Click on target rules List
Whitelist: Allow
Blacklist: Deny
blk_BL_adv: Deny
default access all: allow
Do not allow IP-addresses in URL: unticked
Proxy denied error: blank (you can insert a warning string here)
Redirect mode: int error page
redirect info: blank
Use safeguard engine: unticked
Rewrite: none
Log: ticked
Save
The target rules box at the top of this page confirms the processing rule; the order is important. Edit the order using the Target Categories rules ‘order’ dropdown to ensure the order is Whitelist, Blacklist, Shalla groups, Default Access.
CONFIGURE SARG
Accessed from Status->Sarg reports
GENERAL
REPORT SETTINGS
Proxy server: Squid
Report Options (use ctrl to select more than one)
Use graphics where possible
Remove temporary files from root directory report
generate main index html
generate the index tree file
Use comma instead point in reports
Show download volume on Date/Time reports
Report to generate
Select All, or highlight the ones you are interested in.
Date format: European
Report charset: UTF-8 (Default)
Host alias: blank
Limit settings
Max elapsed: 0
Reports last limits: 0
Report days limits: 0
Top user limits: 0
Denied Limit: 0
Auth Fail limit: 0
User report limit: 0
Exclude settings
Exclude string: blank
Exclude hosts: blank
Exclude codes: blank
Save
SCHEDULE TAB
Click + to create new rule
Enable: ticked
Description: Daily report
Sarg args: -d `date +%d/%m/%Y`
frequency: 23h
Action after sarg: none
Enable compression: ticked
Compression level: default
Find limit: 60
Save
Click + to create new rule
Enable: ticked
Description: Weekly report
Sarg args: -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
frequency: 7d
Action after sarg: none
Enable compression: ticked
Compression level: default
Find limit: 60
Save
Click + to create new rule
Enable: ticked
Description: Monthly report
Sarg args: -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`
frequency: 30d
Action after sarg: none
Enable compression: ticked
Compression level: default
Find limit: 60
Save
Verify you see three rules displayed summarising the above entries.
Save
VERIFYING FUNCTIONALITY
STATUS DASHBOARD
Verify the Proxy server service and Proxy Server filter service have green running icons next to them. If they have red crosses next to them, check the system log for possible reasons why they may have failed to start.
Go to Services->Proxy Server, Real time tab
A scrolling window will summarise cache hit status of any access. Look for some TCP_HIT or TCP_MEM_HITs to verify caching is working correctly.
Alternatively, open up an SSH session and enter
tail -f /var/squid/logs/access.log
to observe cache accesses.
SARG REPORTS
Go to Status->Sarg Reports, View Report and select the latest report.
You should see an IN-CACHE-OUT column, which summarises the percentage of accesses served in and out of cache.
I didn’t see huge amounts of positive caching activity immediately, but it has slowly improved as my cache has become populated during normal use. I’m currently seeing just under 10% after 24 hours of population.
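The in-cache percentage can also be cross-checked straight from the access log used in the tail command above, without waiting for a SARG report. The script below is an added example, not part of the original post: it assumes Squid's native access.log format, and the function names, sample lines and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: cache effectiveness from a Squid access.log.
# Assumes Squid's native log format: field 4 = RESULT_CODE/STATUS, field 5 = bytes.

# cache_hit_ratio FILE -> "<requests> <hits> <request hit %> <byte hit %>"
# A request counts as a hit when its result code contains "HIT"
# (TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...). Malformed lines are skipped.
cache_hit_ratio() {
    LC_ALL=C awk '
        NF >= 5 && $4 ~ /^[A-Z_]+\/[0-9]+$/ {
            split($4, rc, "/")
            total++; bytes += $5
            if (rc[1] ~ /HIT/) { hits++; hit_bytes += $5 }
        }
        END {
            if (total == 0) { print "0 0 0.0 0.0"; exit }
            printf "%d %d %.1f %.1f\n", total, hits,
                   100 * hits / total, (bytes ? 100 * hit_bytes / bytes : 0)
        }' "$1"
}

# result_codes FILE -> "<count> <code>" per result code, most frequent first
result_codes() {
    LC_ALL=C awk 'NF >= 5 && $4 ~ /^[A-Z_]+\/[0-9]+$/ { split($4, rc, "/"); n[rc[1]]++ }
        END { for (c in n) print n[c], c }' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (not real traffic); the last line is deliberately truncated.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
1397825401.101    212 10.4.0.15 TCP_MISS/200 15000 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1397825402.340      1 10.4.0.15 TCP_MEM_HIT/200 5000 GET http://example.com/logo.png - NONE/- image/png
1397825403.512      3 10.4.0.16 TCP_HIT/200 20000 GET http://example.com/app.js - NONE/- application/javascript
1397825404.020    180 10.4.0.16 TCP_MISS/200 40000 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1397825405.733     95 10.4.0.15 TCP_REFRESH_UNMODIFIED/304 300 GET http://example.com/style.css - DIRECT/192.0.2.10 -
1397825406.118      0 10.4.0.17 TCP_IMS_HIT/304 200 GET http://example.com/logo.png - NONE/- image/png
1397825407.904    240 10.4.0.17 TCP_MISS/200 19500 GET http://example.net/ - DIRECT/192.0.2.30 text/html
1397825408.000     17 10.4.0.15 TCP_MI
EOF

echo "requests hits hit% byte-hit%: $(cache_hit_ratio "$SAMPLE")"
result_codes "$SAMPLE"
# On the firewall: cache_hit_ratio /var/squid/logs/access.log
```

The byte hit percentage is usually lower than the request hit percentage because small static objects are the ones most often served from cache.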
ADVERT REMOVAL
Remember to disable any Adblock software you may be running if testing on a PC.
Verify functionality is correct by loading a web page which you know displays adverts and verify they are no longer displayed.