Before web filter installation

HTTPS decryption alone is not enough to block questionable web content. We also need the filtering server that could be paired with Squid. We will use Web Safety ICAP Server for the filtering and blocking part. This server is capable of integrating with existing Squid proxy and provides rich content filtering functionality out of the box. It may be used to block illegal or potentially malicious file downloads, remove annoying advertisements, prevent access to various categories of the web sites and block resources with explicit content.

We will use the version 7.0 of Web Safety. It was designed specifically with HTTPS filtering in mind and contains rich web administrator console to perform routine tasks right from the browser.

By default, Web Safety comes with 4 polices preinstalled. The strict policy contains web filter settings put on the maximum level and is supposed to protect minors and K12 students from inappropriate contents on the Internet. The relaxed policy blocks only excessive advertisements and was supposed to be used by network administrators, teachers and all those who do not need filtered access to web but would like to evade most ads. The third policy is tailored to white list only browsing and the last group contains less restrictive web filtering settings suitable for normal web browsing without explicitly adult contents shown.

Web Safety uses websafety user and group to run. Normally it creates those upon installation but for some reason they are not saved during reboots so we must create required user and group manually. Go to System / User Manager select Groups Tab and add a new group websafety.


Click Save and then select the Users tab to add a new user websafety. Do not forget to make in a member of websafety group. Enter some arbitrary password.


Again click Save.