Squid

https://blog.barclayhowe.com/keeping-the-kids-safe-from-the-internet-with-filtering/

https://www.linux-magazine.com/Issues/2014/158/Security-Lessons-Squid-Filtering

https://techexpert.tips/de/squid-de/installieren-sie-squid-mit-https-unterstuetzung-unter-ubuntu-linux/

https://www.howtoforge.de/anleitung/installation-des-squid-proxy-servers-unter-ubuntu-2004/

https://computingforgeeks.com/install-and-configure-squid-proxy-server-on-ubuntu/

https://phoenixnap.com/kb/setup-install-squid-proxy-server-ubuntu

SARG: https://www.tecmint.com/sarg-squid-analysis-report-generator-and-internet-bandwidth-monitoring-tool/

Port: 3128

Installation

  • apt install squid
  • vi /etc/squid/squid.conf
    • http_access allow localhost
      
      acl my_lan src 10.10.46.0/24
      http_access allow my_lan
      
      # And finally deny all other access to this proxy
      http_access deny all
      
    • acl client1 src 192.168.10.10
      acl client2 src 192.168.10.11
      http_access allow client1 client2
  • Add SSL Support
  • Cert
    • mkdir /etc/squid/ssl_cert
    • chmod 700 /etc/squid/ssl_cert
    • cd /etc/squid/ssl_cert
    • openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout myCA.pem -out myCA.pem
    • openssl x509 -in myCA.pem -outform DER -out myCA.der

https://www.netways.de/en/blog/2020/10/15/squid-4-proxy-mit-ldap-mitm-ssl-bump/

https://support.kaspersky.com/KWTS/6.1/en-US/166244.htm

Transparent

  • vi /etc/squid/squid.conf
    • http_port 3128 intercept
      http_port 80
      http_port 443
    • ^ why the second two lines?
  • iptables -t nat -I PREROUTING -p tcp -s 10.10.46.0/24 --dport 80 -j REDIRECT --to-port 3128
  • iptables -t nat -I PREROUTING -p tcp -s 10.10.46.0/24 --dport 443 -j REDIRECT --to-port 3128

Squidanalzer

  • wget https://codeload.github.com/darold/squidanalyzer/zip/refs/heads/master
  • unzip master
  • perl Makefile.PL
  • make && make install
    • 1. Modify your httpd.conf to allow access to HTML output like follow:
              Alias /squidreport /var/www/squidanalyzer
              <Directory /var/www/squidanalyzer>
                  Options -Indexes FollowSymLinks MultiViews
              AllowOverride None
                  Order deny,allow
                  Deny from all
                  Allow from 127.0.0.1
              </Directory>
      2. If necessary, give additional host access to SquidAnalyzer in httpd.conf.
         Restart and ensure that httpd is running.
      3. Browse to http://my.host.dom/squidreport/ to ensure that things are working
         properly.
      4. Setup a cronjob to run squid-analyzer daily:

           # SquidAnalyzer log reporting daily
           0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

      or run it manually. For more information, see /README file.

  • vi /etc/apache2/sites-available/squidanalyzer.conf

    • <VirtualHost *:80>
              ServerName squidanalyzer
              ServerAdmin office@example.com
              DocumentRoot /var/www/squidanalyzer
      </VirtualHost>

  • a2ensite squidanalyzer.conf

  • service apache2 restart

  • vi /etc/squidanalyzer/squidanalyzer.conf

    • WebUrl  /
      LogFile /var/log/squid/access.log
  • /usr/local/bin/squid-analyzer
  • ls -la /var/www/squidanalyzer
  • @notebook: create hosts entry 10.10.46.135 squidanalyzer
  • http://squidanalyzer/

 

Time Quota

http://www.squid-cache.org/mail-archive/squid-dev/201104/0009.html

https://www.gsp.com/cgi-bin/man.cgi?section=8&topic=ext_time_quota_acl
 

Possible alternative: dynamic Firewall rules (Shorewall?)