| author | Christian Poessinger <christian@poessinger.com> | 2018-10-07 20:46:28 +0200 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2018-10-07 20:46:28 +0200 | 
| commit | cdf924ef5d03eb1c4485ffece91c3abee2deebea (patch) | |
| tree | 81316840bf13b7a67ac51334a2c73f87c19c8e7f | |
| parent | 84a135e5be49a3d013f3bd66ffb5549f44ac3257 (diff) | |
Added Webproxy to Services chapter
| -rw-r--r-- | docs/services.rst | 101 | 
1 files changed, 99 insertions, 2 deletions
| diff --git a/docs/services.rst b/docs/services.rst index 2b717d40..5c0358c0 100644 --- a/docs/services.rst +++ b/docs/services.rst @@ -1484,8 +1484,6 @@ as the ``vyos`` user using their own keys.    set system login user vyos authentication public-keys 'xrobau' key "AAAAQ39x...."    set system login user vyos authentication public-keys 'xrobau' type ssh-rsa - -  TFTP  ---- 
@@ -1528,6 +1526,103 @@ The resulting configuration will look like:        listen-address 10.10.1.1     } +Webproxy +-------- + +The proxy service in VyOS is based on Squid3 and some related modules. + +Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, +including speeding up a web server by caching repeated requests, caching web, +DNS and other computer network lookups for a group of people sharing network +resources, and aiding security by filtering traffic. Although primarily used +for HTTP and FTP, Squid includes limited support for several other protocols +including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the +SOCKS protocol. + +All examples here assumes that your inside ip address is ``192.168.0.1``. +Replace with your own where applicable. + +URL Filtering is provided by Squidguard_. + +Configuration +^^^^^^^^^^^^^^ + +.. code-block:: sh + +  # Enable proxy service +  set service webproxy listen-address 192.168.0.1 + +  # By default it will listen to port 3128. If you wan't something else you have to define that. +  set service webproxy listen-address 192.168.0.1 port 2050 + +  # By default the transparent proxy on that interface is enabled. To disable that you simply +  set service webproxy listen-address 192.168.0.1 disable-transparent + +  # Block specific urls +  set service webproxy url-filtering squidguard local-block myspace.com + +  # If you want to you can log these blocks +  set service webproxy url-filtering squidguard log local-block + + +Options +******* + +Filtering by category +^^^^^^^^^^^^^^^^^^^^^ + +If you wan't to use existing blacklists you have to create/download a database +first. Otherwise you will not be able to commit the config changes. + +.. 
code-block:: sh + +  vyos@vyos# commit +  [ service webproxy ] +  Warning: no blacklists installed +  Unknown block-category [ads] for policy [default] + +  [[service webproxy]] failed +  Commit failed + +* Download/Update complete blacklist + +  :code:`update webproxy blacklists` + +* Download/Update partial blacklist + +  :code:`update webproxy blacklists category ads` + +  Use tab completion to get a list of categories. + +* To auto update the blacklist files + +  :code:`set service webproxy url-filtering squidguard auto-update update-hour 23` + +* To configure blocking add the following to the configuration + +  :code:`set service webproxy url-filtering squidguard block-category ads` + +  :code:`set service webproxy url-filtering squidguard block-category malware` + +Authentication +^^^^^^^^^^^^^^ + +TBD: https://wiki.vyos.net/wiki/Web_proxy_LDAP_authentication + +Adjusting cache size +^^^^^^^^^^^^^^^^^^^^ + +The size of the proxy cache can be adjusted by the user. + +.. code-block:: sh + +  set service webproxy cache-size +   Possible completions: +     <0-4294967295> +                  Disk cache size in MB (default 100) +     0            Disable disk caching +     100 +  .. _ddclient: http://sourceforge.net/p/ddclient/wiki/Home/  .. _RFC2136: https://www.ietf.org/rfc/rfc2136.txt  .. _`Cisco Discovery Protocol`: https://en.wikipedia.org/wiki/Cisco_Discovery_Protocol @@ -1539,3 +1634,5 @@ The resulting configuration will look like:  .. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3  .. _MIB: https://en.wikipedia.org/wiki/Management_information_base  .. _TFTP: https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol +.. _Squid3: http://www.squid-cache.org/ +.. _Squidguard: http://www.squidguard.org/ | 
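Review bot: In the Webproxy hunk (@@ -1528,6 +1526,103 @@), the Configuration code block comment "To disable that you simply" stops mid-sentence, so the reader has to infer from the next line that `disable-transparent` is the switch; finish the sentence, for example "To disable that, add disable-transparent". In the same hunk, "wan't" appears twice and should be "want", "All examples here assumes" should be "assume", and "SSL,[6] TLS and HTTPS" carries a leftover footnote marker "[6]" for which this patch adds no footnote. The "Options" heading underlined with asterisks has no body and is followed straight away by "Filtering by category" at the caret level, so either drop it or nest the following subsections under it. The Authentication subsection consists only of "TBD:" plus a wiki link; say in a sentence that authentication is not yet documented here, so readers do not take the proxy section as complete.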
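Review bot: In the last hunk (@@ -1539,3 +1634,5 @@), the new `.. _Squid3:` target is never referenced, because the Webproxy text writes "based on Squid3" without the trailing underscore while only `Squidguard_` is used as a link. Write `Squid3_` in that sentence or drop the target. Both new targets also point at http:// URLs; prefer https:// if the sites serve it.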
