Deploying A Content Filtering Proxy Server To Distribute Controlled Internet Access With SafeSquid
A content filtering proxy server, helps distribute Internet access while providing control to the administrators over the content delivered. It is usually used in organizations or schools to ensure that Internet usage conforms to the local acceptable use policy. A content filtering proxy must necessarily accommodate the demands of granular rules for Internet access privileges and restrictions across an enterprise.
A content filtering proxy can be used to filter out unwanted content, using methods such as URL or DNS blacklists, URL filtering, MIME filtering, keyword filtering, cookie filtering, header filtering, pornographic image filtering, etc.
A content filtering proxy supports authentication, to control access to the web. It produces logs, either to give detailed information about the URLs accessed by specific users, or to monitor bandwidth usage statistics. It also communicates to daemon based and ICAP based antivirus software to provide security against virus and other malware by scanning incoming content in real time before it enters the network.
In this tutorial, I will describe the procedure of installing the content filtering proxy server software- SafeSquid.
SafeSquid is a Linux based Content Filtering HTTP1.1 Proxy and an Application Layer Firewall. It allows administrators to control Who can access What, When and How Much on the net. It gives the administrator Total Access Control & Total Content Control.
SafeSquid offers a full featured free edition with no time limit that can comfortably be used in a 20 user network. The free version can be downloaded from HERE.
Installing SafeSquid On A Linux Box
Download SafeSquid Com20 free edition from SafeSquid Downloads page.
Copy the downloaded safesquid.tar.gz into /usr/local/src/:
cp safesquid-4.2.0-com20-free.tar.gz /usr/local/src/safesquid.tar.gz
Decompress the tar file using command:
tar -xvzf safesquid-4.2.0-com20-free.tar.gz
This creates a directory ‘safesquid’ in your current working directory. Change to this directory:
The safesquid directory contains the installation script install. Run the script:
The install script asks you to select one of the following 3 options –
Press “F” if we are doing a Fresh install
Press “U” if we want to Update an existing installation
Press “A” if we want to Adjust an existing conf file
Press “F” for fresh installation.
The install script checks for dependencies and displays the status.
The output should be similar to:
libpam.so.0 => /lib/libpam.so.0 (0xf6fea000)
libdl.so.2 => /lib/libdl.so.2 (0xf6fe5000)
libpthread.so.0 => /lib/tls/i686/libpthread.so.0 (0xf6fd4000)
libssl.so.4 => /lib/libssl.so.4 (0xf6fa0000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00bbb000)
libm.so.6 => /lib/tls/i686/libm.so.6 (0xf6f7d000)
libc.so.6 => /lib/tls/i686/libc.so.6 (0xf6e69000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00974000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x009e7000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00b1e000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x009e2000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00afb000)
libresolv.so.2 => /lib/libresolv.so.2 (0xf6e55000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00a11000)
libz.so.1 => /usr/lib/libz.so.1 (0x00962000)
Press any key to continue
If a missing dependency is reported, you will have to install it before you can continue. If everything is fine, then press any key to continue.
The SafeSquid End-User License Agreement is displayed. The options are as follows:
Press “B” / “F” to move Back / Forward
Press “S” when you have finished reading
Read the License Agreement, or press “S” to skip and continue.
The following options are displayed:
Press “Y” if you find the End-User License Acceptable
Press “A” To Read the End-User License Again
Press “N” if you find the End-User License NOT Acceptable
and immediately abort the Installation Process
Press “Y” to continue.
You can now either press “S” to install with the default options, or go through the various option pages. The install script will ask for about 28 configuration options. All option pages are self explanatory, and should not require you to make any changes.
To make changes in the default option, press “C”. When you have made the necessary changes, press “S” to continue with the installation.
The settings can later be changed using /etc/init.d/safesquid adjust command, or editing the startup.conf file, which you will find in /opt/safesquid/safesquid/init.d directory.
The changes will take effect the next time Safesquid is restarted.
The installation starts when you press “S”. The installation will pause a few times to display the status, and for confirmation. When the installation is complete, the following message is displayed:
Press “S” if you would like to start your safesquid now
Press any other key to simply exit
Press “S” to start SafeSquid. You should get the following message:
1. safesquid started with PID: 9659 … ssquid is NOT LISTENING on :8080 …
2. safesquid started with PID: 9659 … ssquid is LISTENING on 192.168.0.30:8080 … Process IS RUNNING
So, your SafeSquid is installed and running.
Now, to access the SafeSquid Interface, point the proxy setting in your web browser, to the SafeSquid Server’s IP:PORT, e.g. 192.168.0.30:8080, and access the URL http://safesquid.cfg.
Note: In case of problems, run the following command:
This will check and correct the installed files and directories, and their permissions. Restart SafeSquid after completion, with this command:
Source: How to forge