Products Partners Download Buy Network About Community Help  

User Guide Overview

Installing/Upgrading Introduction System Requirements Compatibility RAID Support Starting the Install/Upgrade Configuration Options Partitioning and RAID Troubleshooting

Post-Installation - First Boot Network Configuration Web-based Administration System Registration

Network Settings Bandwidth DHCP Server Hosts and DNS Server IP Settings LAN Configuration Multi-WAN Network Tools UPnP Wireless

Firewall 1 to 1 NAT Advanced DMZ Group Manager Incoming Outgoing Peer-to-Peer Port Forwarding

Security Intrusion Detection Intrusion Prevention

Accounts Users Groups Organization Administrators

System Backup and Restore Date Encrypted File Systems Language Running Services Shutdown and Restart SMTP Relay SSL Certificate Manager Webconfig

Backup LAN Backup/Recovery

Database Database

E-mail Antispam Antispam - Dspam Antispam - Training Antivirus Aliases Archive Filters / Greylist Maildrop POP and IMAP SMTP Mail Server Webmail

File and Print Services Flexshare FTP Server Print Server Windows Networking

Filtering and Proxying Access Control Ad and Pop-up Blocker Content Filter Web Proxy

Groupware Groupware Setup

VPN Desktop-to-LAN / PPTP LAN-to-LAN / IPsec OpenVPN

Web Photo Gallery Web Server

Reports Current Status Dashboard Overview Intrusion Detection Logs SMTP Mail Statistics Web Proxy Web Server


Contact Us
  Sales Enquiry
  Tech Support

 

Modules - Web Proxy

Contents

Overview

Web Proxy Information
Description Web proxy cache server.
Package Name cc-squid
Configuration Page Software > Proxy and Filtering > Web Proxy


Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP. The software not only saves bandwidth and speeds up access time, but also gives administrators the ability to track web usage in the daily report.

Installation

If you did not select this module to be included during the installation process, you must first install the module.

Configuration

General Settings

Maximum Cache Size

The maximum size on your hard disk to use for the proxy server cache.

Maximum Object Size

Any file (image, web page, PDF, etc) above the maximum object size will still go through the proxy but will not be cached. Large files (for instance, a movie file) can take up a lot of space in your proxy cache. If you have a cache size of 2 Gb and two people happen to download 1 Gb files at the same time, then these two files would replace everthing else in your cache. You can limit the maximum object size to prevent this situation.

Maximum Download File Size

If you want to limit downloads of large files (for instance, movies) you can set a maximum size. Any file above this limit will get blocked.

Reset Cache

Use the reset cache button to delete all the files currently stored by the web proxy server.

Mode

Transparent Mode

With transparent mode enabled, your web proxy will intercept web traffic automatically. In this mode, it is not necessary to configure proxy server settings in your web browser. However, the nature of the web proxy protocol means there are some important limitations to consider with transparent mode:

  • User Authentication must not be used
  • Secure web sites (HTTPS) do not pass through the proxy

If you require user authentication and/or secure web proxying, you must use non-transparent mode and configure proxy settings in your web browser. In non-transparent mode, your proxy server settings should be set to port 8080 if the content filter is in use, otherwise it should be set to port 3128.

Content Filter

The web proxy and content filter work together to filter web traffic on your network. If you plan on using the content filter, make sure this feature is enabled. If you are using non-transparent mode, make sure you update your web browser proxy settings to connect to port 8080 (content filtering) on the ClarkConnect system.

Banner and Pop-up Filter

Enabling the banner and pop-up filter will block unwanted pop-ups and advertisements on the web.

User Authentication

With user authentication enabled, all users will require a username and password to access the web.

Web Site Bypass

In some circumstances, you may need to by-pass the proxy server when it is running in transparent mode. Typically, this is required for web sites that are not proxy-friendly (notably, older Microsoft IIS web servers send invalid web server responses -- these responses may not get through the proxy server).

Example: Tivo personal video recorders (PVRs) are unable to connect via a proxy server. Adding Tivo's network 204.176.0.0/14 to the proxy by-pass list solves the issue.

Web Browser Configuration

In non-transparent mode, you must change the settings on all the web browsers running on your local network. The following describes the steps for configuring Internet Explorer, but other browsers have similar procedures. In Internet Explorer

  • Click on Tools in the menu bar
  • Select Internet Options
  • Click on the Connections tab
  • Click on the LAN Settings button

Image:squid1.png


In the Proxy Server settings box, specify your gateway's IP address (default: 192.168.1.1) and the proxy port -- 8080 if you have the content filter enabled, 3128 if you do not have the content filter enabled.

Reports

The Web Proxy Report includes statistics on top sites, number of hits, usage by LAN IP address, daily traffic size, and more. You can view the report from the web-based administration tool.

FTP Proxy

From the Squid Web Proxy FAQ:

Question: Can I make my regular FTP clients use a Squid cache?

Answer: It's not possible. Squid only accepts HTTP requests.

Troubleshooting

Web Browser Settings

If you see the message A configuration issue with your web browser settings was detected, please make sure your browser settings match your proxy server configuration.

Secure Web Sites and Transparent Mode

Many users wonder why it is not possible to proxy secure web sites (HTTPS) in transparent mode. Here's why. When you configure your web browser with proxy server settings, the browser changes its behavior and talks to the proxy server in a special way. This changes makes it becomes possible to send HTTPS requests through the proxy.

In transparent mode, the web proxy silently hijacks the web request. The web browser is completely unaware that a proxy server exists and does not change its behavior. The nature of HTTPS means that the web server connection is already encrypted by the time the proxy server gets involved!

Links

Retrieved from "http://wiki.clarkconnect.com/docs/Modules_-_Web_Proxy"

This page has been accessed 27,320 times. This page was last modified on 12 May 2008, at 02:28.


 
   
Copyright © 2000-2007, Point Clark Networks
Company | Contact | Legal | Help | Login