You can find the SquidProxy Settings at Services → SquidProxy.
The SquidProxy is a caching proxy for the Web supporting HTTP, HTTPS and more.
Before you can use the SquidProxy it has to be installed. You can install it at System → Addons.
184.108.40.206. General Settings¶
Enabled can be changed to enable or disable SquidProxy. It’s disabled by default.
Proxy Interfaces are the interfaces and addresses the proxy is running on.
Enabled can be changed to enable or disable HTTP. It’s enabled by default.
Proxy Port is the port the HTTP proxy server will listen on. Default is 3128.
Transparent Proxy can be enabled to make the proxy act as a transparent proxy. It’s disabled by default. The transparent proxy will redirect any traffic to port 80 on the Proxy Interface to Squid.
Enabled can be changed to enable or disable HTTPS. It’s disabled by default.
Proxy Port is the port the HTTPS proxy server will listen on. Default is 3129.
Transparent Proxy can be enabled to to make the proxy act as a transparent proxy. It’s disabled by default. The transparent proxy will redirect any traffic to port 443 on the Proxy Interface to Squid. Since traffic is encrypted and the Transparent Procy of VT AIR does not do a Man in the Middle Attack the desired information are obtained from looking at the connection start and extract IPs and the SNI field. This leaves the client without warnings about the connection while obtaining enough information to evaluate HTTP Access rules.
Verify DNS Verify HTTPS Header Domain against the DNS entry. Disabling this allows security risks like spoofing. On the other hand google or amazon sites usually do not work when transparent SSL is enabled because they use so many DNS entries.
Certificate can be configured which certificate will be used.
220.127.116.11. Cache Settings¶
Hard Disk Cache Size is the amount of disk space to use in megabytes. The default is 100 MB.
Memory Cache Size specifies the ideal amount of memory to be used in megabytes. Default is 256 MB.
18.104.22.168. Clamav Anti-Virus¶
ClamAV can scan the webtraffic of the proxy for viruses. This only works when the traffic can actually be seen unencrypted and is uneffective in the transparant HTTPS case.
Enabled enable or disable the virus scan.
Update Interval specifies how often the virus definition should be updated during a 24 hour period.
22.214.171.124. Shalla Blacklist¶
Allows you to import the Shalla Blacklist. The Blacklist categories are imported to the ACLs and can be used for HTTP Access Rule.
Enabled enable or disable the blacklists.
Update Interval specifies how often the blacklist definition should be updated.
Visible Hostname will be displayed in proxy server error messages. Default is localhost.
Administrator’s Email will be displayed in error messages to the users. Default is admin@localhost.
Custom Options can be used for custom configuration parameters for the config. They are placed between ACLs und HTTP Access definitions.
Defining an Access List. An ACL has a type Source, Destination Domain, Destination Regex, Port, Protocol or Custom. Custom allows you to pick an ACL Type from the Squid manual (Squid ACL).
An ACL entry can have one or multiple entries and you have to enter one per line. For example the ACL Source could contain:
18.14.3. HTTP Access¶
Allowing or Denying access based on defined access lists. HTTP Access lists are defined by combining ACLs with either AND or OR. You can also negate an ACL with NOT.
This allows you to define access or decline access based on ACLs.
For example to deny access to www.google.com you have to create an ACL of type Destination Domain. You can use that ACL in HTTP Access of type Deny.
The order of HTTP Access matters and you can drag & drop entries in the list to create the desired order.
18.14.4. Access Log¶
Here you can see the access log where Squid logs the live information about who is accessing the proxy server as well as related information about the status of requests and replies.
You can filter the access log via the search field.