How to set up a Squid Proxy/DansGuardian server using Ubuntu 6.06

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.

DansGuardian is a web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.

Installing Apache

Start off by ensuring Apache Web Server is installed, if not, install it using this command

sudo aptitude install apache2

Setting a Static IP Address

Now make sure that you have a static IP address

sudo nano /etc/network/interfaces

And change the following (bold) to match your network

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
	address	192.168.1.2
	netmask	255.255.255.0
	gateway	192.168.1.1

Press ctrl + x to exit, yes to save, and enter to keep the same file name. After saving the file, you must now restart the networking process

sudo /etc/init.d/networking restart

Installing and Configuring Squid

Next install the Squid Proxy Server

sudo aptitude install squid

If you want to change the default port that squid listens on [3128], change the http_port tag using nano, making a backup copy first

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf_backup
sudo nano /etc/squid/squid.conf

OK, now we’ll setup who is allowed access to the proxy. Find the http_access section (should start around line 1860) Uncomment these 2 lines and add your network allocations

acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

Optional = if you get a startup error ‘FATAL: Could not determine fully qualified hostname. Please set visible_hostname’ you will also need to modify the visible_hostname tag

visible_hostname localhost

Save the file and close nano.

Installing and Configuring DansGuardian

To install DansGuardian, use the following command

sudo aptitude install dansguardian

Once the package is installed, edit the following lines in the conf file to match, this will set DansGuardian to do basic filtering and use Squid as its proxy server.

# UNCONFIGURED
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128

To configure banned/exception sites based on either phrases, ip addresses, urls, mime type, etc… you would need to edit one of the following files using nano. All files are located in /etc/dansguardian/

bannedextensionlist
bannediplist
bannedmimetypelist
bannedphraselist
bannedregexpurllist
bannedsitelist
bannedurllist
banneduserlist

exceptioniplist
exceptionphraselist
exceptionsitelist
exceptionurllist
exceptionuserlist
exceptionvirusextensionlist
exceptionvirusmimetypelist
exceptionvirussitelist
exceptionvirusurllist

Restarting Squid and DansGuardian

Whenever a file is edited, it is good practice to restart both Squid and DansGuardian services by using the following commands

sudo /etc/init.d/dansguardian stop
sudo /etc/init.d/squid stop
sudo /etc/init.d/squid start
sudo /etc/init.d/dansguardian start
ps –e | grep dansguardian ## to see if the service is running

Now that Squid and DansGuardian are configured, test it by setting up your browser to use the proxy server with port 8080. A site that is blocked by default in DansGuardian is www.porn.com, if you get a page redirect then you’re good to go.