Install Squid and Web Safety¶
Our router will run Squid proxy for transparent interception of HTTPS and HTTPS traffic and Web Safety for URL and content filtering.
Follow the installation manual for Debian 10 to install these components (../../administrator_guide_old_stable/install/debian10/index). Just run the scripts in the core.debian10
and ui.deb
one by one as root.
Switch port of Admin UI¶
Integration of Web Safety UI and Apache was done automatically by the installer, but in case of transparent filtering proxy some more steps are required. Normally Admin UI of Web Safety runs on port 80 but this port will be used by Squid for transparent interception, so we need to change the port Admin UI listens on.
Open /etc/apache2/ports.conf using your favorite text editor, find
Listen 80
and change it toListen 8000
. Save the file.Open /etc/apache2/sites-enabled/websafety.conf, find
VirtualHost *:80
and change it toVirtualHost *:8000
. Save the file.Finally, restart Apache web server by running systemctl restart apache2 command.
Important
Do not forget to allow connections to port 8000 from your LAN. Add the following rules to /etc/network/iptables, section services, somewhere before the -A INPUT -j DROP
.
# accept traffic to Web UI of Web Safety on port 8000
-A INPUT -i ens33 -p tcp --dport 8000 -j ACCEPT
Reboot your proxy box now before going to the next step.