Category Archives: Proxy
Content control software/ Web Content filtering using SquidGuard for enterprise network
Content filtering for an enterprise network or educational institution can be a mandatory requirement in many institutions/organizations. Besides filtering web content by category, content control/filtering software can also help us filter out malware and virus sites, unwanted advertisements etc. Finding the right product and making it work for your organization can be a challenge. When I first tried to implement a content filtering system in my organization, the biggest challenge was to find the right product and get a demo running to check the integration aspects. After spending a significant amount of time identifying a content filtering system that best fits my organization, I did not get enough support from the local vendors. So later on I decided to go with Squid Proxy with SquidGuard (something I used before). This works out very well for me. Besides being a little heavy on the administration side, I do not have much to complain about. This content filter can sit on the network as a proxy server and filter all web traffic as per the organization's policy.
Educational institutions in many parts of the world are bound by law to protect children from inappropriate Internet content. In business organizations, or organizations of any type, Internet resources can be filtered for unwanted advertisements, malware, viruses, pornography sites etc. Web content filtering or content control software is a smart way to address these issues, help enforce the organization's policy and protect the network and its users.
Some of the categories that can be used to guide browsing behavior are the following:
Advertisements, automobile, dating, education, gamble, hobby, isp, models, podcasts, recreation, ringtones, shopping, updatesites, weapons, webtv, aggressive, chat, downloads, finance, homestyle, jobsearch, movies, politics, redirector, science, socialnetwork, urlshortener, webmail, alcohol, drugs, fortunetelling, government, hospitals, library, music, pornography, religion, searchengines, spyware, violence, webphone, anonymous vpn, hacking, imagehosting, military, news, radio, tv, remotecontrol, sex, tracker, warez, webradio and more. These lists can be used to allow or disallow certain categories of sites.
SquidGuard implementation for enterprise network
SquidGuard is a content filtering tool used in enterprise networks to control/filter the sites that end users/hosts can access.
SquidGuard is built to work as a plug-in for Squid. It uses blacklists and URL redirection to make this content filter work.
There are many free/paid blacklists available on the Internet that SquidGuard can work with. These blacklists include lists of URLs and domains, usually categorized into content groups such as advertising, chat, social network, proxy, porn, webmail, education and many more.
We see content filtering requirements in educational institutions, corporate networks etc.
SquidGuard is open source and works with your Squid proxy server. I have done my implementation on Redhat EL 5.x with squid 2.6.
Setting up Web Proxy Autodiscovery Protocol (WPAD) using DNS
In order to use the DNS-only method to set up the Web Proxy Autodiscovery Protocol (WPAD), you need to check the following:
- To use WPAD with the DNS method, a DNS entry is needed for a host named WPAD. This name should be resolvable from the client machines.
- The web server must be configured to serve the WPAD file with a MIME type of “application/x-ns-proxy-autoconfig”.
- A file named wpad.dat must be located in the WPAD web server’s root directory.
- The host at the WPAD address must be able to serve a web page.
- So if you are a member of the example.com domain, the browser looks for the PAC file at this URL: http://wpad.example.com/wpad.dat
Setting up Automatic Proxy Configuration (PAC) file
I tried to make this tutorial for users with medium to advanced Linux administrative skills. Even if you are not one of them, feel free to leave a comment and I shall try to help you out.
To make your Proxy Auto Configuration (PAC) work, you need a PAC file and a server to host it.
We shall do it in the following steps:
- Write a PAC file with appropriate proxy configuration
- Hosting the file: Put it on a web server where the client browser can access it
- Setting up the client browser for using the PAC file to get and use the proxy configuration
- Check if the traffic is going through the proxy server
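The PAC file from the first step, which is also what the WPAD setup above serves as wpad.dat, sketched as an added example (not code from the original post). The proxy host proxy.example.com:3128, the example.com domain and the private address ranges are assumptions; the helper stand-ins at the top exist only so the logic runs under Node and are left out of the deployed file.

```javascript
// --- Node-only stand-ins for helpers that browsers provide to PAC scripts. ---
// --- Remove this section from the file you deploy as wpad.dat / proxy.pac. ---
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}
function ipToInt(ip) {
  return ip.split(".").reduce(function (acc, o) { return acc * 256 + Number(o); }, 0);
}
function isInNet(ip, net, mask) { // stand-in handles IPv4 literals only
  var m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// --- PAC logic (this part is what the browser evaluates). ---
// Assumed Squid host; 3128 is Squid's default listening port.
var PROXY = "PROXY proxy.example.com:3128";

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Intranet short names and the organisation's own domain bypass the proxy.
  // The leading dot stops look-alike names such as notexample.com from matching.
  if (isPlainHostName(host) || host === "example.com" ||
      dnsDomainIs(host, ".example.com")) {
    return "DIRECT";
  }
  // Range-check IPv4 literals only, so the script never triggers DNS lookups.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
        isInNet(host, "172.16.0.0", "255.240.0.0") ||
        isInNet(host, "192.168.0.0", "255.255.0.0") ||
        isInNet(host, "127.0.0.0", "255.0.0.0")) {
      return "DIRECT";
    }
  }
  // Everything else goes through the filtering proxy. No "; DIRECT" fallback is
  // listed, so web traffic does not silently skip the filter if the proxy is down.
  return PROXY;
}
```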
Proxy auto configuration for an enterprise network
Proxy servers are commonly used in corporate networks. I prefer using Squid proxy, probably one of the most robust, feature-rich proxy servers out there.
I usually use web proxy servers (Squid) for end users for the following reasons:
- Caching of web content and DNS, which helps with Internet bandwidth optimization and faster website load times
- Access control to internet resources, client bandwidth control
- Assist with content filtering (like SquidGuard)
- Maintaining client access log for security compliance
- Protecting client machines from direct exposure to Internet
Setting up proxy server settings on all client machines can be a time-consuming business if we have to manually configure and maintain each and every browser running on the network. However, running a transparent proxy on the gateway is a quick and easy way to ensure all traffic goes through the proxy server.
Internet, acceptable usage
The price of Internet access has become cheaper than ever; however, it is still not an inexpensive resource in South Asia. On the other hand, Internet content has become very heavy (compared to the old days) and Internet applications have become real-time. Use of the Internet is not limited to information and education any more.
In an educational institute or in a corporate environment, for example a bank, this wide range of services could be counterproductive in many ways and requires some form of control.
- Access to malicious content
- Unwanted services which are counterproductive for the organisation and individuals
- Most importantly, unwanted services choking access to legitimate Internet usage


