Install Squid and Web Safety¶
Our router will run Squid proxy for transparent interception of HTTPS and HTTPS traffic and Web Safety for URL and content filtering.
It is not a good practice to install any additional components on the router. Much better way to deploy the filtering proxy in your network is by using a separate virtual appliance as explicit proxy. If transparent deployment is a must, it would also be better to use the separate virtual appliance and redirect the traffic to it using policy based routing.
If you still decide to continue, follow the installation manual for Debian 12 to install all required components (Debian 12 x86_64) on the router. Just run the scripts in the
ui.deb one by one as root.
Switch port of Admin UI¶
Integration of Web Safety UI and Apache was done automatically by the installer, but in case of transparent filtering proxy some more steps are required. Normally Admin UI of Web Safety runs on port 80 but this port will be used by Squid for transparent interception, so we need to change the port Admin UI listens on.
Open /etc/apache2/ports.conf using your favorite text editor, find
Listen 80and change it to
Listen 8000. Save the file.
Open /etc/apache2/sites-enabled/websafety.conf, find
VirtualHost *:80and change it to
VirtualHost *:8000. Save the file.
Finally, restart Apache web server by running systemctl restart apache2 command.
Connections to port 8000 on the router from your LAN are enabled in the default firewall rules we are using. If you have customized those be sure to allow those manually.
Reboot your proxy box now before going to the next step.