Monday 24 December 2012

Proxy Servers


Proxy Server & Proxy Filter Configuration:
Here we discuss the configuration of the Proxy Server and the Proxy Filter (Squid and Squid Guard). First, we discuss what “Squid” is.


Squid:
This is a high performance web cache proxy server.
Now we come to the Configuration.
Go to the services tab and select Proxy Server.

Access Control:                192.168.0.0/24
Note: In the access control section we can add two or more different networks. In this case the proxy server allows internet access for these networks, and they can communicate with each other. For example:
    192.168.0.0/24
    192.168.1.0/24
    192.168.2.0/24







Squid Guard:
This is a high performance web cache proxy server
Note: Squid must be installed before SquidGuard is installed. Now we go to the next step, configuration.



If we need more features such as “IP Blocking”, “MAC Blocking”, “Domain Filtering”, “Timing schedule”, “2 Different Network Communication”, etc., we configure them as follows.
Add one Timing Schedule by clicking the + (plus) sign.
Name:                             Weekly Timing Schedule
Description:                  Weekly Timing Schedule Listed here
                                        Save Settings




Next go to the Target Categories tab in Proxy Filter. Add one Target Category by clicking the + (plus) sign.
Name:                            Domain_List
Domain List:                 facebook.com youtube.com twitter.com
Note: Every domain separated by a single space.
Save Settings




Next go to the ACL_Group tab in Proxy Filter. Add one ACL_Group by clicking the + (plus) sign.
Name:                           ACL_Group
Client (Source):          192.168.0.3-192.168.0.254
Timing:                        Weekly Timing Schedule




Target Rule:                Click the play sign, stay on Target categories, select the timing rule and set it to Deny
Save Settings


Next go to the Common ACL Tab in Proxy Filter. Add one Common ACL by hitting on + plus sign.
Target Rule:                           Access denied

Save Settings



Next go to the General Setting tab in Proxy Filter. Add one General Setting by clicking the + (plus) sign.
Enable:                           Add check sign
Apply Settings
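The ACL_Group built in the steps above can be reasoned about as three conditions that must all hold: client in the source range, time inside the schedule, destination in Domain_List. The following is an added example, not part of the original post and not SquidGuard's own code; it is a simplified model, and the schedule days and hours are assumed because the page does not give them.

```python
import ipaddress
from datetime import datetime, time

# Values taken from the walkthrough above.
DOMAIN_LIST = "facebook.com youtube.com twitter.com".split()
CLIENT_FIRST = ipaddress.ip_address("192.168.0.3")
CLIENT_LAST = ipaddress.ip_address("192.168.0.254")

# Assumption: the page gives no days or hours for "Weekly Timing Schedule";
# Monday-Friday 09:00-17:00 is a constructed placeholder.
SCHEDULE_DAYS = {0, 1, 2, 3, 4}  # datetime.weekday(): Monday == 0
SCHEDULE_START, SCHEDULE_END = time(9, 0), time(17, 0)


def in_client_range(ip: str) -> bool:
    """True when the client falls inside the Client (Source) range."""
    return CLIENT_FIRST <= ipaddress.ip_address(ip) <= CLIENT_LAST


def in_schedule(when: datetime) -> bool:
    """True when the request time falls inside the weekly schedule."""
    return (when.weekday() in SCHEDULE_DAYS
            and SCHEDULE_START <= when.time() < SCHEDULE_END)


def in_domain_list(host: str) -> bool:
    """A listed domain covers itself and its subdomains, on label boundaries."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DOMAIN_LIST)


def acl_group_decision(client_ip: str, host: str, when: datetime) -> str:
    """Return "deny" when ACL_Group blocks the request, else "not matched"."""
    if in_client_range(client_ip) and in_schedule(when) and in_domain_list(host):
        return "deny"
    return "not matched"


if __name__ == "__main__":
    monday = datetime(2012, 12, 24, 10, 30)  # constructed sample time
    for ip, host in [("192.168.0.50", "www.facebook.com"),
                     ("192.168.0.2", "www.facebook.com"),
                     ("192.168.0.50", "notfacebook.com")]:
        print(ip, host, acl_group_decision(ip, host, monday))
```

Note that 192.168.0.1 and 192.168.0.2 sit outside the source range, so this group never denies them; requests reported as "not matched" are decided by whatever other ACLs are configured.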




Thursday 13 December 2012

ARP Table & Block Internet Access


ARP Table:

How to find MAC IDs, machine names or host names, IP addresses and machine interfaces:
Go to the Diagnostic tab and select the ARP table option. A screenshot of the ARP table is given below.
The ARP table is helpful for IP reservation, MAC blocking, IP blocking and much more.






How to block an IP address:

pfSense is a free BSD-based firewall router. Through this firewall router we can block IP addresses that are listed in the DHCP list or network list.
There are two methods by which we can restrict the internet access of clients or users.

First Method:
Go to the Firewall tab and select the Rules option. Add a rule on the LAN interface. Select “Block” as the action, select “LAN” as the interface, and in the protocol section choose “any” or “TCP/UDP”. Then go to the Source section, select “Single host or Alias” as the type, and on the line below enter the IP address whose internet access you want to block. A screenshot is given below.

Note*** The first matching rule is the one that takes effect, so when we need to block a user we must put the block rule above the default rule in the firewall section.
 
Action:                            Block
Interface:                       LAN
Protocol:                        Any
Type:                              Single host or Alias
                                       192.168.0.10
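The rule-order note above can be checked with a small first-match evaluator. This is an added example, not part of the original post and not pfSense code; it assumes the default rule is "pass from 192.168.0.0/24" and also reports rules that can never fire because an earlier rule already covers their source.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "block" or "pass"
    source: str  # single host, CIDR network, or "any"
    label: str

    def matches(self, src_ip: str) -> bool:
        if self.source == "any":
            return True
        net = ipaddress.ip_network(self.source, strict=False)
        return ipaddress.ip_address(src_ip) in net


def evaluate(rules, src_ip):
    """Return (action, label) of the first matching rule; block if none match."""
    for rule in rules:
        if rule.matches(src_ip):
            return rule.action, rule.label
    return "block", "implicit default deny"


def shadowed(rules):
    """Labels of rules that never fire because an earlier rule covers their source."""
    hidden = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.source == "any" or (
                rule.source != "any"
                and ipaddress.ip_network(rule.source, strict=False).subnet_of(
                    ipaddress.ip_network(earlier.source, strict=False))
            ):
                hidden.append(rule.label)
                break
    return hidden


# Constructed rule sets modelled on the LAN rules described above.
BLOCK = Rule("block", "192.168.0.10", "block 192.168.0.10")
ALLOW = Rule("pass", "192.168.0.0/24", "default allow LAN")  # assumed default rule
CORRECT = [BLOCK, ALLOW]  # block rule above the default rule
WRONG = [ALLOW, BLOCK]    # block rule below the default rule: never reached

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("wrong", WRONG)):
        print(name, evaluate(rules, "192.168.0.10"), "shadowed:", shadowed(rules))
```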

  


Second Method:
For the second method, a proxy server such as Squid and SquidGuard must already be installed.
Go to the services tab and select Proxy Server. In the proxy server settings we use the Access control tab. In this tab there is an option named “Banned host addresses”, where we add the IP addresses whose internet access we need to restrict, and then save.

Note: Each IP address is written on the next line by pressing the Space button. For example:
Banned Host Address:
    192.168.0.10
    192.168.0.11
    192.168.0.12
                                                                                             
 


Monday 10 December 2012

417 Error in Squid

417 Error in Squid:


How to fix 417 error in squid.
History:
Changes in 3.1 ignore_expect_100
Ported from 2.7. Requires --enable-http-violations. Prevents 417 errors being sent to broken HTTP/1.1 non-compliant clients.
Changes in 2.7 ignore_expect_100
Experimental HTTP/1.1 support knobs
Configuration Details:
Option Name:
Replaces:
Requires:
--enable-http-violations
Default Value:
ignore_expect_100 off
                                                 
ignore_expect_100 on

Add this highlighted text to the proxy server configuration. Go to the “services” tab, select Proxy Server, and then select the General tab. Add the selected text to the custom options field and then save. A screenshot is given below.

Select the LAN interface as the proxy interface. Tick "Allow users on interface" and "Transparent proxy". Below you can see the Custom option, where the exception has been added. Uploading traffic now bypasses the proxy server. Then save the settings. If you face more problems of that type, add exceptions in the custom options.



PFSense Solutions