18.13. SquidProxy

You can find the SquidProxy Settings at Services → SquidProxy.

The SquidProxy is a caching proxy for the Web supporting HTTP, HTTPS and more.

Before you can use the SquidProxy it has to be installed. You can install it at System → Addons.

18.13.1. Settings

18.13.1.1. General Settings

Enabled can be changed to enable or disable SquidProxy. It’s disabled by default.

Proxy Interfaces are the interfaces and addresses the proxy is running on.

18.13.1.2. HTTP

Enabled can be changed to enable or disable HTTP. It’s enabled by default.

Proxy Port is the port the HTTP proxy server will listen on. Default is 3128.

Transparent Proxy can be enabled to make the proxy act as a transparent proxy. It’s disabled by default. The transparent proxy will redirect any traffic to port 80 on the Proxy Interface to Squid.

18.13.1.3. HTTPS

Enabled can be changed to enable or disable HTTPS. It’s disabled by default.

Proxy Port is the port the HTTPS proxy server will listen on. Default is 3129.

Transparent Proxy can be enabled to to make the proxy act as a transparent proxy. It’s disabled by default. The transparent proxy will redirect any traffic to port 443 on the Proxy Interface to Squid. Since traffic is encrypted and the Transparent Procy of VT AIR does not do a Man in the Middle Attack the desired information are obtained from looking at the connection start and extract IPs and the SNI field. This leaves the client without warnings about the connection while obtaining enough information to evaluate HTTP Access rules.

Certificate can be configured which certificate will be used.

18.13.1.4. Cache Settings

Hard Disk Cache Size is the amount of disk space to use in megabytes. The default is 100 MB.

Memory Cache Size specifies the ideal amount of memory to be used in megabytes. Default is 256 MB.

18.13.1.5. Advanced

Visible Hostname will be displayed in proxy server error messages. Default is localhost.

Administrator’s Email will be displayed in error messages to the users. Default is admin@localhost.

Custom Options can be used for custom configuration parameters for the config. They are placed between ACLs und HTTP Access definitions.

18.13.2. ACL

Defining an Access List. An ACL has a type Source, Destination Domain, Destination Regex, Port, Protocol or Custom. Custom allows you to pick an ACL Type from the Squid manual (Squid ACL).

An ACL entry can have one or multiple entries and you have to enter one per line. For example the ACL Source could contain:

  • 192.168.100.1
  • 192.168.101.0/24

18.13.3. HTTP Access

Allowing or Denying access based on defined access lists. HTTP Access lists are defined by combining ACLs with either AND or OR. You can also negate an ACL with NOT.

This allows you to define access or decline access based on ACLs.

For example to deny access to www.google.com you have to create an ACL of type Destination Domain. You can use that ACL in HTTP Access of type Deny.

The order of HTTP Access matters and you can drag & drop entries in the list to create the desired order.

18.13.4. Access Log

Here you can see the access log where Squid logs the live information about who is accessing the proxy server as well as related information about the status of requests and replies.

You can filter the access log via the search field.