Install Squid and Web Safety
Our router will run Squid proxy for transparent interception of HTTPS and HTTPS traffic and Web Safety for URL and content filtering.
Follow the installation manual for Debian 10 to install these components (Debian 10 x86_64 or ARM (Raspberry PI)). Just run the scripts in the
ui.deb one by one as root.
Switch port of Admin UI
Integration of Web Safety UI and Apache was done automatically by the installer, but in case of transparent filtering proxy some more steps are required. Normally Admin UI of Web Safety runs on port 80 but this port will be used by Squid for transparent interception, so we need to change the port Admin UI listens on.
- Open /etc/apache2/ports.conf using your favorite text editor, find
Listen 80and change it to
Listen 8000. Save the file.
- Open /etc/apache2/sites-enabled/websafety.conf, find
VirtualHost *:80and change it to
VirtualHost *:8000. Save the file.
- Finally, restart Apache web server by running systemctl restart apache2 command.
Do not forget to allow connections to port 8000 from your LAN. Add the following rules to /etc/network/iptables, section services, somewhere before the
-A INPUT -j DROP.
# accept traffic to Web UI of Web Safety on port 8000 -A INPUT -i ens33 -p tcp --dport 8000 -j ACCEPT
Reboot your proxy box now before going to the next step.