Squid
https://blog.barclayhowe.com/keeping-the-kids-safe-from-the-internet-with-filtering/
https://www.linux-magazine.com/Issues/2014/158/Security-Lessons-Squid-Filtering
https://www.howtoforge.de/anleitung/installation-des-squid-proxy-servers-unter-ubuntu-2004/
https://computingforgeeks.com/install-and-configure-squid-proxy-server-on-ubuntu/
https://phoenixnap.com/kb/setup-install-squid-proxy-server-ubuntu
SARG: https://www.tecmint.com/sarg-squid-analysis-report-generator-and-internet-bandwidth-monitoring-tool/
Port: 3128
Installation
- apt install squid
- vi /etc/squid/squid.conf
-
http_access allow localhost
acl my_lan src 10.10.46.0/24
http_access allow my_lan
# And finally deny all other access to this proxy
http_access deny all
-
acl client1 src 192.168.10.10
acl client2 src 192.168.10.11
# ACL names on one http_access line are ANDed, so each client gets its own line
http_access allow client1
http_access allow client2
- Add SSL Support
- wget -qO - https://packages.diladele.com/diladele_pub.asc | sudo apt-key add -
- echo "deb https://squid413-ubuntu20.diladele.com/ubuntu/ focal main" > /etc/apt/sources.list.d/squid413-ubuntu20.diladele.com.list
- apt update
- apt-get install -y squid-common squid-openssl squidclient libecap3 libecap3-dev
- squid -v | grep ssl
- Cert
- mkdir /etc/squid/ssl_cert
- chmod 700 /etc/squid/ssl_cert
- cd /etc/squid/ssl_cert
- openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout myCA.pem -out myCA.pem
- openssl x509 -in myCA.pem -outform DER -out myCA.der
https://www.netways.de/en/blog/2020/10/15/squid-4-proxy-mit-ldap-mitm-ssl-bump/
https://support.kaspersky.com/KWTS/6.1/en-US/166244.htm
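Squid checks http_access lines top-down and stops at the first match; every ACL named on one line must match together, while several addresses inside one acl are alternatives. The following added example (not part of the original notes or of Squid itself) is a simplified evaluator for src ACLs only, run over constructed configs that reuse the addresses from the Installation notes above; the names parse, decide, LAN, ANDED and SPLIT are hypothetical.

```python
import ipaddress

# Simplified stand-ins for Squid's predefined ACLs "all" and "localhost".
BUILTIN = {"all": ["0.0.0.0/0", "::/0"], "localhost": ["127.0.0.1/32", "::1/128"]}

def parse(conf):
    """Collect 'acl NAME src ADDR...' and 'http_access ACTION ACL...' lines."""
    acls = {k: [ipaddress.ip_network(a) for a in v] for k, v in BUILTIN.items()}
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # several addresses inside ONE acl are alternatives (OR)
            acls.setdefault(tok[1], []).extend(
                ipaddress.ip_network(a, strict=False) for a in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            missing = [n for n in tok[2:] if n.lstrip("!") not in acls]
            if missing:
                raise ValueError(f"acl used before definition: {missing}")
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for client_ip: top-down, first matching line wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # every ACL named on one http_access line must match (AND)
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action
    # nothing matched: Squid uses the opposite of the last line; no lines means deny
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed configs built from the addresses in the notes above.
LAN = """http_access allow localhost
acl my_lan src 10.10.46.0/24
http_access allow my_lan
# And finally deny all other access to this proxy
http_access deny all"""
CLIENTS = "acl client1 src 192.168.10.10\nacl client2 src 192.168.10.11\n"
ANDED = CLIENTS + "http_access allow client1 client2\nhttp_access deny all"
SPLIT = CLIENTS + "http_access allow client1\nhttp_access allow client2\nhttp_access deny all"

if __name__ == "__main__":
    probes = ("192.168.10.10", "192.168.10.11", "192.168.10.12")
    for name, conf in (("one line", ANDED), ("two lines", SPLIT)):
        print(name, {ip: decide(conf, ip) for ip in probes})
```

With both client ACLs on one line no single source address can satisfy the rule, so both clients fall through to the final deny; with one line per client each is allowed.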
Transparent
- vi /etc/squid/squid.conf
- http_port 3128 intercept
http_port 80
http_port 443
- ^ why the second two lines?
- http_port 3128 intercept
- iptables -t nat -I PREROUTING -p tcp -s 10.10.46.0/24 --dport 80 -j REDIRECT --to-port 3128
- iptables -t nat -I PREROUTING -p tcp -s 10.10.46.0/24 --dport 443 -j REDIRECT --to-port 3128
SquidAnalyzer
- wget https://codeload.github.com/darold/squidanalyzer/zip/refs/heads/master
- unzip master
- perl Makefile.PL
- make && make install
-
1. Modify your httpd.conf to allow access to HTML output like follow:
Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
2. If necessary, give additional host access to SquidAnalyzer in httpd.conf.
Restart and ensure that httpd is running.
3. Browse to http://my.host.dom/squidreport/ to ensure that things are working
properly.
4. Setup a cronjob to run squid-analyzer daily:
# SquidAnalyzer log reporting daily
0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1
or run it manually. For more information, see /README file.
- vi /etc/apache2/sites-available/squidanalyzer.conf
-
<VirtualHost *:80>
ServerName squidanalyzer
ServerAdmin office@example.com
DocumentRoot /var/www/squidanalyzer
</VirtualHost>
- a2ensite squidanalyzer.conf
- service apache2 restart
- vi /etc/squidanalyzer/squidanalyzer.conf
-
WebUrl /
LogFile /var/log/squid/access.log
- /usr/local/bin/squid-analyzer
- ls -la /var/www/squidanalyzer
- @notebook: create hosts entry 10.10.46.135 squidanalyzer
- http://squidanalyzer/
Time Quota
http://www.squid-cache.org/mail-archive/squid-dev/201104/0009.html
https://www.gsp.com/cgi-bin/man.cgi?section=8&topic=ext_time_quota_acl
Possible alternative: dynamic Firewall rules (Shorewall?)
Analysing Tools
Squid Analyzer
Calamaris
Darold