In this document, I will show you how to setup an http proxy server with content filter and virus scanner on Linux platform.
We will use following open-source software to achieve our goal,
Squid - a free and open-source web proxy server
Pre-installation
First of all, you have to create user accounts, which will be used to install the proxy server. Login to your linux machine, and type the following command, if you don't have these user accounts in your system.
command> useradd -M squid
command> groupadd clamav
command> useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
Download all required packagesPlease download all following packages to your Linux machine. I used to download them to my "/downloads" folder, so I will refer to this folder in the whole installation process.
Squid - the latest version when this doc. written is
squid-2.6.STABLE4Webmin - the latest version when this doc. written is
webmin-1.3Clamav - the latest version when this doc. written is
clamav-0.90RC1.1SARG - the latest version when this doc. written is
sarg-2.2.2Compile Squid Proxy ServerNow, we are going to start our proxy installation. First, compile your squid proxy server, if you are not advance linux user (like me), you can follow my settings which shown below. If you are advance user, and wanna custom your proxy installation setting, you can check the config parameters and use your own setting.
command> su squid command> cd /downloadscommand> tar -xzvf squid-2.6.STABLE4.tar.gzcommand> cd squid-2.6.STABLE4command> ./configure \command> --enable-arp-acl \command> --enable-ssl \command> --enable-linux-netfilter \command> --enable-underscorescommand> makecommand> exitNotes: You must use the "squid" account to compile the proxy server
Install Squid Proxy Servercommand> make installOkay, we have installed our server and next we will configure it. As usual, I use vi to modify config file. You can use your famous editor to edit the config file.
command> vi /user/local/squid/etc/squid.confSearch for tag "cache_effective_user" and add the line below after the tag.
"cache_effective_user squid"Search for tag "visible_hostname" and add the line below after the tag.
"visible_hostname MYPROXYSERVER"where MYPROXYSERVER is the machine hostname
Save your modification and then exit
Install WebminYou will like to install webmin which will ease you to play with your proxy server, like add access rule, configure content filter, and generate access reports.
command> cd /downloadscommand> tar -xzvf webmin-1.3.tar.gzcommand> cd webmin-1.3command> ./setup.sh /usr/local/webminDuring the installation, you will be ask several questions, where you can custom your installation, I used to answer the them with default values as follows,
1) /etc/webmin
2) /var/webmin
3) /usr/bin/perl
4) port:10000
5) username: admin
6) password:
7) start at boot time: y
After installed webmin, we will configure it, so that it can work with our installed proxy server.
Enable SSL for webmin
Go to "http://host-ipaddress:10000" and login with the username which entered while installation.
Click the tags "Webmin" >> "Webmin Configuration" >> "SSL Encryption"
Click the link "download and install"
After downloaded required packages, click "Continue With Install"
After installation, click the link "Return to webmin configuration"
Click "SSL Encryption" again, select "Yes" under "Enable SSL if availabe"
Select "Yes" under "SSL requests to SSL mode"
Click the "Save" button to confirm the settings
Configure Squid Proxy Server Webmin Module
Go to "http://host-ipaddress:10000" and login with the username which you entered while installation.
Click the tags "Servers" >> "Squid Proxy Server" >> "Module Config"
Edit following fields:
- Full Path to squid config file: /usr/local/squid/etc/squid.conf
- Command to start squid: /usr/local/squid/sbin/squid
- Command to stop squid: /usr/local/squid/sbin/squid -k shutdown
- Command to apply changes: /usr/local/squid/sbin/squid -k reconfigure
- Squid Executable: /usr/local/squid/sbin/squid
- Full path to PID file: /usr/local/squid/var/logs/squid.pid
- Full path to squid cache directory: /usr/local/squid/var/cache
- Squid cachemgr.cgi executable: /usr/local/squid/libexec/cachemgr.cgi
- Full path to squid log directory: /usr/local/squid/var/logs
Press the "Save" button
Start Squid Proxy ServerFor a simple web squid proxy server, it is nearly done. Let's start to initialize our server, and then go to next section to install anti-virus software.
Press the button "Initialize Cache"
Click the link "Return to squid index"
Press the button "Start Squid"
Install ClamavWe want our server able to decline all infected files downloading, so we need an anti-virus software to scan download files. Clamav is a free anti-virus tool, I think it is good enough for us as the purpose of filtering, you may try out any other commercial anti-virus software for the same purpose, and you are very welcome to comment it. Let's start to install it.
We install it with its default settings.
command> cd /downloadscommand> tar -xzvf clamav-0.90rc1.1.tar.gzcommand> cd clamav-0.90rc1.1command> ./configurecommand> makecommand> make installcommand> make cleanIntall DansGuardianWe need a tool to link up the squid proxy server and clamav anti-virus scanner, and it is where DansGuardian placed in, which is a content filter software.
To be Continue ...