Install Squid and Web Safety

Our router will run Squid proxy for transparent interception of HTTPS and HTTPS traffic and Web Safety for URL and content filtering.

Follow the installation manual for Debian 10 to install these components (Debian 10 x86_64). Just run the scripts in the scripts.debian10 one by one as root.

Switch port of Admin UI

Integration of Web Safety UI and Apache was done automatically by the installer, but in case of transparent filtering proxy some more steps are required. Normally Admin UI of Web Safety runs on port 80 but this port will be used by Squid for transparent interception, so we need to change the port Admin UI listens on.

  1. Open /etc/apache2/ports.conf using your favorite text editor, find Listen 80 and change it to Listen 8000. Save the file.
  2. Open /etc/apache2/sites-enabled/websafety.conf, find VirtualHost *:80 and change it to VirtualHost *:8000. Save the file.
  3. Finally, restart Apache web server by running systemctl restart apache2 command.

Important

Do not forget to allow connections to port 8000 from your LAN. Add the following rules to /etc/network/iptables, section services, somewhere before the -A INPUT -j DROP.

# accept traffic to Web UI of Web Safety on port 8000
-A INPUT -i ens33 -p tcp --dport 8000 -j ACCEPT

Reboot your proxy box now before going to the next step.