Install Squid and Web Safety

Our router will run Squid proxy for transparent interception of HTTPS and HTTPS traffic and Web Safety for URL and content filtering.


It is not a good practice to install any additional components on the router. Much better way to deploy the filtering proxy in your network is by using a separate virtual appliance as explicit proxy. If transparent deployment is a must, it would also be better to use the separate virtual appliance and redirect the traffic to it using policy based routing.

If you still decide to continue, follow the installation manual for Debian 12 to install all required components (Debian 12 x86_64) on the router. Just run the scripts in the core.debian12 and ui.deb one by one as root.

Switch port of Admin UI

Integration of Web Safety UI and Apache was done automatically by the installer, but in case of transparent filtering proxy some more steps are required. Normally Admin UI of Web Safety runs on port 80 but this port will be used by Squid for transparent interception, so we need to change the port Admin UI listens on.

  1. Open /etc/apache2/ports.conf using your favorite text editor, find Listen 80 and change it to Listen 8000. Save the file.

  2. Open /etc/apache2/sites-enabled/websafety.conf, find VirtualHost *:80 and change it to VirtualHost *:8000. Save the file.

  3. Finally, restart Apache web server by running systemctl restart apache2 command.


Connections to port 8000 on the router from your LAN are enabled in the default firewall rules we are using. If you have customized those be sure to allow those manually.

Reboot your proxy box now before going to the next step.