Administrator’s Guide 5.2 (Archived)

Copyright (c) 2010-2017 Diladele B.V. All rights reserved.

This manual was developed by Diladele B.V. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Diladele B.V.

We have tried our best to keep the documentation as accurate as possible. However, this document may contain technical and typographical errors. Information in this document is subject to change without notice. Use release notes provided with product installation package for the latest additions to this documentation.

Some or all of the names mentioned in this documentation may be registered trademarks of their respective owners. Companies, names and data used in this manual are fictitious unless otherwise noted.

Web Safety ICAP web filter for Squid proxy was developed by Diladele B.V. For more information on this product and other products produced by Diladele B.V. please see our website at https://www.diladele.com or contact us using email at mail@diladele.com. Use support@diladele.com to get technical support for our products. Your questions, comments or suggestions considering this documentation are welcomed at docs@diladele.com.

Table Of Contents

• Foreword
• How it Works
• Key Features
• Installation and Removal
  • Operating Systems
  • Software Requirements
  • Ubuntu 16 LTS x86_64
  • CentOS 7 x86_64
  • Debian 9 x86_64
  • Raspbian 9 (Stretch) on Raspberry PI 2+ (ARM)
  • FreeBSD 11 (pfSense 2.4)
  • Installed Files and Directories
  • Logs and Log Rotation
• Upgrading from Previous Versions
  • Preliminary Notes
  • Save your current configuration to a temporary location
  • Reinstall versions of Web Safety
  • Import previously stored configuration from temporary location
  • Limitations of the upgrade
• HTTPS Filtering
  • The Need to Filter HTTPS
  • What is Required to Filter HTTPS?
  • How It Works
  • Regenerate Trusted SSL Certificates for Squid
  • Install Trusted Certificates
  • Enable HTTPS Filtering in Admin UI
  • Exclude Domains from HTTPS Filtering
  • Verify HTTPS Connections are Filtered
  • Troubleshooting HTTPS filtering
• Integration with Microsoft Active Directory
  • Assumptions and prerequisites
  • Step 1. Configure IP address and DNS settings
  • Step 2. Syncronize time
  • Step 3. Create a user in AD for Kerberos auth and LDAP lookup
  • Step 4. Link to Active Directory domain
  • Step 5. Configure Kerberos authentication on Squid
  • Step 6. Enable NTLM authentication on Squid
  • Step 7. Enable Basic LDAP authentication on Squid
  • Generated Configuration Files
  • Squid Configuration with Proxy Authentication
  • How to Check Proxy Authentication on Squid
  • LDAP groups as Members in Web Filter Policies
  • Troubleshooting Squid Active Directory Integration
  • Adding redundancy to Active Directory integrated Squid
  • Using Subordinate CA for HTTPS Decryption in Active Directory Integrated Squid
• Web Filter
  • Configuring Web Filtering Policies
  • Automating Web Filtering Policies
  • Configuration Files, Doing Settings Backups
• Anti Virus on Proxy
  • Squid ClamAV as ICAP Service
  • ESET Anti Virus ICAP Service
• Admin UI for Squid and Web Safety
  • Default Login and Password for the Admin UI
  • Configuration Files for Squid
  • Advanced Settings
• Virtual Appliance
  • User Credentials
  • How to use the Virtual Appliance
  • How to Set Static IP Address in VA
  • Hardware & Software Specifications
  • Time BIOS Settings in Microsoft Hyper-V and Squid
• System Configuration
  • DNS Caching Server
  • Automatic Updates of Definition Files
• Traffic Monitoring
  • Monitoring Channels
  • Real Time Monitoring
  • Browsing History
  • Database Types
  • Traffic Reports
• Troubleshooting
  • Known Issues
  • Quotes in Advanced Squid ACLs Section
• License Agreement
• Open Source Licenses
  • go-logging license
  • OpenSSL License